当前位置:网站首页>基于DVWA的文件上传漏洞测试
基于DVWA的文件上传漏洞测试
2022-07-06 01:06:00 【wishLifeJumP】
目录
DVWA
Low
DVWA Security的“low”级别可以直接上传“一句话”木马。
1.1 编写测试木马
<?php
phpinfo();
?>
1.2 没有后缀过滤直接上传
1.3回显上传路径,直接访问即可
http://localhost/dvwa/hackable/uploads/info.php
Medium
Medium级别不同于Low级别,Medium界别对前端做了上传限制,通过绕过检测机制,抓包更改后缀名达到上传效果。
2.1 上传合法文件,此时打开代理
2.2 待抓到数据包后,send to repeater
info.png 改为info.php
响应码为200说明书上传成功。
2.3 执行php脚本
https://localhost/dvwa/hackable/uploads/info.php
边栏推荐
- Interview must brush algorithm top101 backtracking article top34
- Beginner redis
- Leetcode study - day 35
- JVM_ 15_ Concepts related to garbage collection
- Dynamic programming -- linear DP
- 有谁知道 达梦数据库表的列的数据类型 精度怎么修改呀
- Building core knowledge points
- View class diagram in idea
- Fibonacci number
- Cglib dynamic agent -- example / principle
猜你喜欢
Finding the nearest common ancestor of binary search tree by recursion
servlet(1)
For a deadline, the IT fellow graduated from Tsinghua suddenly died on the toilet
Leetcode study - day 35
Five challenges of ads-npu chip architecture design
Xunrui CMS plug-in automatically collects fake original free plug-ins
Installation and use of esxi
Ubantu check cudnn and CUDA versions
BiShe - College Student Association Management System Based on SSM
The inconsistency between the versions of dynamic library and static library will lead to bugs
随机推荐
新手入门深度学习 | 3-6:优化器optimizers
The third season of ape table school is about to launch, opening a new vision for developers under the wave of going to sea
Mlsys 2020 | fedprox: Federation optimization of heterogeneous networks
Ubantu check cudnn and CUDA versions
Natural language processing (NLP) - third party Library (Toolkit):allenlp [library for building various NLP models; based on pytorch]
Xunrui CMS plug-in automatically collects fake original free plug-ins
The inconsistency between the versions of dynamic library and static library will lead to bugs
282. Stone consolidation (interval DP)
2020.2.13
Intensive learning weekly, issue 52: depth cuprl, distspectrl & double deep q-network
Cf:c. the third problem
Pbootcms plug-in automatically collects fake original free plug-ins
ADS-NPU芯片架构设计的五大挑战
Spark AQE
How to extract MP3 audio from MP4 video files?
[groovy] compile time metaprogramming (compile time method interception | find the method to be intercepted in the myasttransformation visit method)
Dedecms plug-in free SEO plug-in summary
在产业互联网时代,将会凭借大的产业范畴,实现足够多的发展
如何制作自己的机器人
NLP text processing: lemma [English] [put the deformation of various types of words into one form] [wet- > go; are- > be]