[Gloucs] Website upload

Matthew Phillips phillips321 at gmail.com
Mon Jul 18 22:06:26 UTC 2011


Uploading to your web server is defiantly doable but you'll need to
use php and modify the file upload limits in the configs. If I can
recall there are 2 section you need to modify.

There are many simple php upload scripts available on the net (I'm
writing this from iPad so can't link you to one sorry). You'll need to
ensure the directory for upload is writable by the http user. It'll be
a ball ache for the user though, they will unlikely have a progress
bar and if something goes wrong they'll have to upload from 1% again!

Better option, use a service such as rapid upload or megashare, the
user uploads to that and then provides you with the link. Much easier
for them, but not as fun for you!

And the pentester in me is saying those dirty php upload scripts are
exactly that, DIRTY! They usually have no input validation and are
trivial for a malicious user to exploit. Not something i'd ever like
to leave running connected to my home network....

Hope this helps

Matthew Phillips
phillips321 at gmail.com
07818233332 (+44)

On 18 Jul 2011, at 22:07, Glyn Davies <glynd at walmore.com> wrote:

> 'lo,
>
> I have some family in Australia who have some digital photos I want to
> get my hands on. They've been uploaded to Facebook but the resolution
> on the download is way below what I imagine the originals were.
>
> So, I have a webserver on my SLUG (lighthttpd) and it would seem
> simple to have a little page which allowed the Aussies to upload a zip
> of the photos to the SLUG.
>
> Where do I start to achieve this (in the simplest, quickest way)?
>
> P.S. I know all about the NATting and the firewalling, etc. It's the
> easiest way to 'configure' the webserver.
>
> --
> Best Regards
> Glyn Davies
>
> _______________________________________________
> gloucs mailing list
> gloucs at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gloucs



More information about the gloucs mailing list