THC MIMEMagic Introduction

In this documentation, we will go through the functionality of the thc_mm module.

THC MIMEMagic is a tool designed to exploit vulnerabilities in file upload mechanisms by sending files with forged MIME headers. This technique can be used to bypass validation scripts, potentially allowing unauthorized file uploads.

Interface Parameters:

1. upload handler: full URL including query
2. user agent: browser string
3. cookie: in case you need to identify yourself with a login or any other cookie, you can add a cookie string
4. upload: select a shell or upload a file
5. type of application: set a fake MIME header for the upload
6. send as filename: set the filename for the upload
7. upload varname: the variable that the server is expecting to hold the file upload
8. referer: optional referer page, previous page
9. other variables: if the server expects more variables you can specify them in this field, make use of this format: var1=value1&var2=value2

ModGlue Variables:

1. $_CONTEXT['thc_mm']['urlparts']: (array) parse_url data of url
2. $_CONTEXT['thc_mm']['payloadfile']: (string) path to payload file
3. $_CONTEXT['thc_mm']['posted_vars']: (array) variable data posted from form
4. $_CONTEXT['thc_mm']['media']: (array) contains the type of mime and its name
5. $_CONTEXT['thc_mm']['payloadfilesize']: (string) filesize of payload
6. $_CONTEXT['thc_mm']['curlhandle']: (resource) curl connection
7. $_CONTEXT['thc_mm']['postvalues']: (array) variable data to send to target

Resource Settings:

• time limit: PHP default
• memory limit: PHP default

Expanding THC MIMEMagic:

N/A

Dependencies:

Curl

Known Issues:

N/A