upload
好好学习不好吗?
Hello everyone, I've moved to a new blog, hehe
My new blog
Original · 2019-11-15 09:54:24 · 162 views · 0 comments
upload pass20
$is_upload = false;
$msg = null;
if(!empty($_FILES['upload_file'])){
    // check MIME
    $allow_type = array('image/jpeg','image/png','image/gif');
    if(!in_array($_FILES['upload_file']['type'],$allow_...
Original · 2019-11-07 17:05:26 · 346 views · 0 comments
upload pass-16
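#upload-labs pass-16 I really have to vent here, this one took me ages /(ㄒoㄒ)/~~ First I got a .gif image from the web and put a one-line webshell into it. I uploaded it directly, but found that Cknife could not connect, so I looked at the source code. It turned out that secondary rendering was to blame: I guessed it had rendered away the one-liner I had put at the end of 1.gif. So all I could do was compare the image on the target machine with the image I uploaded, to see which regions stayed unchanged before and after rendering, then add the one-line webshell into an unchanged region of 1.gif, then upload it directly, and finally...
Original · 2019-11-07 15:55:12 · 178 views · 0 comments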
upload-labs pass19
upload -labs pass19
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml"...
Original · 2019-11-07 14:17:11 · 372 views · 0 comments
upload -labs pass17
#upload -labs pass17
#######################
The unlink() function deletes a file. It returns true on success and false on failure.
Syntax: unlink(filename,context)
#######################
$is_upload = false;
$msg = null;
if(isset($_POST['submit']...
Original · 2019-11-07 13:06:02 · 580 views · 0 comments
upload-labs pass13
#upload-labs pass 13
function getReailFileType($filename){
    $file = fopen($filename, "rb");
    $bin = fread($file, 2); // read only 2 bytes
    fclose($file);
    $strInfo = @unpack("C2chars", $bin);
    $...
Original · 2019-11-06 15:33:28 · 493 views · 0 comments
upload -labs 4-10
upload -labs Pass -04
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".php1",".htm...
Original · 2019-11-06 11:00:50 · 414 views · 0 comments
#upload -labs Pass01-03
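#upload-labs pass-01 First I directly uploaded hack.php (<?php eval($_POST['READER']);?>), a one-line webshell, to test the waters. It failed with the error “该文件不允许上传,请上传.jpg|.png|.gif类型的文件,当前文件类型为:.php”. My blind guess was that front-end code was responsible, so I took the usual approach and first uploaded a one-line-webshell image, hack.jpg, then went through packet capture. The upload succeeded, and after that I connected with Cknife...
Original · 2019-11-06 10:08:17 · 215 views · 0 comments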
upload labs pass11-12 (00 truncation)
#upload-labs pass 11
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['uploa...
Original · 2019-11-06 13:40:07 · 541 views · 0 comments