Testing Upload Functionality

[Galloglaigh]

HI, New to the forum.


Just wondering when testing Upload functionality on a website using an ASP Shell, will the shell automatically open if successfully uploaded or do you need to figure out the location of the file on the server and somehow opening it up?


this upload feature doesnt give any message about where the file was uploaded to.


Thanks in advance.

[Kulverstukas]

You need to figure it out yourself. If you're mimicking an image, look at where images are stored, same for files that are for public download.

[d4rkcat]

Any security aware website will be renaming uploaded files and hiding them in randomly named directories for this very reason,
But as Kulverstukas said, it is possible to figure it out by looking at other files that have been uploaded that you can locate on the main webpage, or if you are in the admin panel, you should be able to use the uploaded files on the website, for example put an image on a page, then go to the page and check the link of the image ect.

[M1lak0]

Of course you have to figure out the location where the shell is been uploaded only then you can access it. Also when any upload option is given you generally get to know where it is uploaded as they show you the file. They can allow you with any extension suppose .jpeg (Excluding the bypass techniques)so when you'll upload the file it'll show you some where that here is the file uploaded or else it will show you the broken image so just get the location of the image and get access also just use temper data and get the location.

Hope it helped..

[Galloglaigh]

Thanks alot of the comments and help. As you can tell, Im pretty new to this so I appreciate the answers.