We need you to penetrate the following case scenario:
Suppose there is a PHP script file "[login to view URL]" which takes a param i.e $_GET["profilePic"], which is image file path and then it generates a PDF with this image using FPDF library.
If the image file doesn't exist, it will throw an error like:
Warning: getimagesize(uploads/X/[login to view URL]): failed to open stream: No such file or directory in /home/X/public_html/[login to view URL] on line 1202
FPDF error: Missing or incorrect image file: uploads/X/[login to view URL]
We need a proof of concept that this unhandled warning can result into server being pwned/allowing execution of PHP code.
You will be rewarded with a bounty and this may lead to more projects in future!
Hi, As per our discussion yesterday I am already working on this and I expect this to be completed by 9 pm. I will share the report to you. Kindly initiate personal chat to discuss. Thanks Avinash
Bu iş için 10 freelancer ortalamada $161 teklif veriyor
Hello Sir. I can do this project right now. I am a professional Linux and developer in PHP, Wordpress, Laravel, Magento, Joomla, Prestashop, OpenCart, Yii, NodeJS, Angular, Vue.js, HTML5, CSS3 and jQuery. I can do this Daha Fazla