This exploit demonstrates a file upload bypass in dirList v0.3.0 by appending a semicolon to a banned PHP file extension, allowing remote command execution. The vulnerability leverages Apache's handling of multiple file extensions to execute PHP code.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:dirList v0.3.0
No auth needed
Prerequisites:Access to the dirList file upload functionality