Is there a way to upload to a webserver without using forms, namely just giving a file path through a GET variable in PHP?
That's what I thought at first. The thing is that this is uploading to a server and the server still needs the script that allows the uploading, so it can't be automated. I figured that something would allow that to happen, but I still wouldn't be surprised if it isn't.
Yeah, but say I post a link http://evilsite.com/?file=usr/etc/pwd and you click it. Doesn't matter whether it's automated or not if you click it.
I see now. Although why I didn't see before is beyond me. Maybe I do need an hour more of sleep... Well, even so, this would be the optimal way, otherwise I guess I'll use FTP...
jpez wrote:
Yeah, but say I post a link http://evilsite.com/?file=usr/etc/pwd and you click it. Doesn't matter whether it's automated or not if you click it.
But we're talking about uploading via a $_GET variable. Yes, this is possible, but it would require some kind of client-side script to paste the hex contents of the file into the url as a get-variable. Not very efficient if you ask me. 
Of course, if you already have the file, you can just have an <input type="text" name="file" value="Insert Hex Data Here" /> tag. 
That would be an option, but these may get over a MB in size, so that won't be too nice. I think that if I can get an FTP account where I can restrict who accesses it (since it is open source), I'll just use that. Plus, I was hoping to just completely forgo the HTML thing and make everything do-able from PokéModrPC and not have the user have to upload through their web browser.
KermMartian wrote:
jpez wrote:
Yeah, but say I post a link http://evilsite.com/?file=usr/etc/pwd and you click it. Doesn't matter whether it's automated or not if you click it.
But we're talking about uploading via a $_GET variable. Yes, this is possible, but it would require some kind of client-side script to paste the hex contents of the file into the url as a get-variable. Not very efficient if you ask me. Of course, if you already have the file, you can just have an <input type="text" name="file" value="Insert Hex Data Here" /> tag.
I read it differently:
kirb wrote:
Is there a way to upload to a webserver without using forms, namely just giving a file path through a GET variable in PHP?
I know that he was talking about filename, not the file contents, but you can't really do it with just the filename... jpez wrote:
Sir, I direct you here. 
Nope, still wrong. Imho you completely misinterpreted what he was saying. That's just me, though. 
Python's httplib module can send POST variables in the exact same way that a webbrowser would handle a FORM send....not sure if that helps or not though
Depends. Only if you are spamming through a web based e-mail account like, say, hotmail, yahoo, or gmail. Or you could just use the built in email module.
Register to Join the Conversation
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Advertisement