0xploit.com

session hijacking

  1. H

    Web LFI via PHP session upload progress

    LFI via PHP session upload progress It is possible to exploit LFI by forcibly creating a session (without session_start()!) by sending the PHP_SESSION_UPLOAD_PROGRESS parameter. The splice also uses a filter combination trick to create the desired prefix in the shellcode, but this is not so...
Top