upload-labs
m0_62094846
这个作者很懒,什么都没留下…
展开
-
Pass-19,20
首先要匹配image/jpeg,image/png,image/gif。保存文件时系统把/.删除,文件就变成php保存。然后后缀要有jpg.png,gif。php/.不等于php,绕过检验。按照上题思路做,文件名拆成数组。直接在php后面加/.原创 2022-07-17 16:05:25 · 160 阅读 · 0 评论 -
Pass-10
$is_upload = false;$msg = null;if (isset($_POST['submit'])) { if (file_exists($UPLOAD_ADDR)) { $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax",".原创 2021-12-06 21:59:57 · 96 阅读 · 0 评论 -
Pass-09
$is_upload = false;$msg = null;if (isset($_POST['submit'])) { if (file_exists($UPLOAD_ADDR)) { $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml","..原创 2021-12-06 21:51:58 · 54 阅读 · 0 评论 -
Pass-08
$is_upload = false;$msg = null;if (isset($_POST['submit'])) { if (file_exists(UPLOAD_PATH)) { $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHt.原创 2021-12-06 17:59:21 · 48 阅读 · 0 评论 -
Pass-06
$is_upload = false;$msg = null;if (isset($_POST['submit'])) { if (file_exists(UPLOAD_PATH)) { $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHt.原创 2021-12-06 17:48:09 · 54 阅读 · 0 评论 -
Pass-13
上传一个带有木马的png文件原创 2021-12-06 13:29:41 · 2934 阅读 · 0 评论 -
Pass-07
$is_upload = false;$msg = null;if (isset($_POST['submit'])) { if (file_exists(UPLOAD_PATH)) { $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".p...原创 2021-12-06 09:41:15 · 55 阅读 · 0 评论 -
Pass-4
直接上传php不能成功原创 2021-11-08 22:23:27 · 85 阅读 · 0 评论 -
Pass-05
把php其中一个字母改成大写原创 2021-11-07 22:38:08 · 747 阅读 · 0 评论 -
Pass-03
直接上传php不能成功改包,将php改成php3(其实也可以成功,用buu)上传成功了,但是查看源代码发现没有被php解析,而且蚁剑显示“返回值为空”再试试用phtml(有时约等于php2)但是如果换成buuctf的靶场就可以成功,我在视频上看那个老师在自己的靶场上也没有成功,也是在buu上用的...原创 2021-11-07 22:29:55 · 118 阅读 · 0 评论 -
Pass-02
删除了onsubmit="return checkFile()"仍然无法上传php文件抓包,把php的Content-Type改成图片的Content-Type常见的Content-Type媒体格式类型如下:text/html : HTML格式 text/plain :纯文本格式 text/xml : XML格式 image/gif :gif图片格式 image/jpeg :jpg图片格式 image/png:png图片格式以application开头的媒体格式类...原创 2021-11-05 17:59:18 · 84 阅读 · 0 评论 -
Pass-01
这一种是属于javascript只允许上传jpg,png,gif,如果要用php,要修改限制打开开发者工具,把限制文件传入的代码删除,就可以上传带有木马的php文件了打开页面是空白的,php中的代码已经被读取了,用蚁剑就可以获得数据...原创 2021-11-05 17:25:47 · 131 阅读 · 0 评论