.htaccess to allow extension

Add Type application/x-httpd-php .evil

# Check the extension type
cat .htaccess 

AddType application/x-httpd-php .evil

Check the upload location.

gobuster dir -u http://192.168.120.107 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Upload the .htaccess.

Hit Ctr + h key to show dot extension for file upload.

Then you can upload the file.

Or, use a BURP to change the name and add the content to the request.

Upload shell.evil (php file, etc.)

Rename the file to whatever you have defined in .htaccess and upload the file.

PreviousFile Upload BypassNextFile Upload Bypass Checklist

Last updated