当前位置:网站首页>File upload vulnerability test based on DVWA
File upload vulnerability test based on DVWA
2022-07-06 01:07:00 【wishLifeJumP】
Catalog
DVWA
Low
DVWA Security Of “low” Levels can be uploaded directly “ In a word ” Trojan horse .
1.1 Write test Trojan
<?php
phpinfo();
?>1.2 Upload directly without suffix filtering
1.3 Echo the upload path , Just visit directly
http://localhost/dvwa/hackable/uploads/info.php
Medium
Medium Level different from Low Level ,Medium The sector imposes upload restrictions on the front end , By bypassing the detection mechanism , Capture packets and change the suffix to achieve the upload effect .
2.1 Upload legal files , Open the agent
2.2 After catching the packet ,send to repeater
info.png Change it to info.php
The response code is 200 Instructions uploaded successfully .
2.3 perform php Script
https://localhost/dvwa/hackable/uploads/info.php
边栏推荐
- VMware Tools安装报错:无法自动安装VSock驱动程序
- Obstacle detection
- MYSQL---查询成绩为前5名的学生
- Construction plan of Zhuhai food physical and chemical testing laboratory
- IP storage and query in MySQL
- Four dimensional matrix, flip (including mirror image), rotation, world coordinates and local coordinates
- The detailed page returns to the list and retains the original position of the scroll bar
- Dede collection plug-in free collection release push plug-in
- [Arduino syntax - structure]
- After 95, the CV engineer posted the payroll and made up this. It's really fragrant
猜你喜欢
如何制作自己的機器人
Beginner redis
KDD 2022 | EEG AI helps diagnose epilepsy
Four commonly used techniques for anti aliasing
![[groovy] JSON string deserialization (use jsonslurper to deserialize JSON strings | construct related classes according to the map set)](/img/bf/18ef41a8f30523b7ce57d03f93892f.jpg)
[groovy] JSON string deserialization (use jsonslurper to deserialize JSON strings | construct related classes according to the map set)
MCU realizes OTA online upgrade process through UART
ubantu 查看cudnn和cuda的版本
关于#数据库#的问题:(5)查询库存表中每本书的条码、位置和借阅的读者编号
Pbootcms plug-in automatically collects fake original free plug-ins
vSphere实现虚拟机迁移
随机推荐
在产业互联网时代,将会凭借大的产业范畴,实现足够多的发展
新手入门深度学习 | 3-6:优化器optimizers
MYSQL GROUP_ The concat function realizes the content merging of the same ID
[groovy] JSON serialization (convert class objects to JSON strings | convert using jsonbuilder | convert using jsonoutput | format JSON strings for output)
Who knows how to modify the data type accuracy of the columns in the database table of Damon
95后CV工程师晒出工资单,狠补了这个,真香...
Recursive method to realize the insertion operation in binary search tree
MCU realizes OTA online upgrade process through UART
Leetcode daily question solution: 1189 Maximum number of "balloons"
[groovy] compile time metaprogramming (compile time method interception | find the method to be intercepted in the myasttransformation visit method)
Four dimensional matrix, flip (including mirror image), rotation, world coordinates and local coordinates
1791. Find the central node of the star diagram / 1790 Can two strings be equal by performing string exchange only once
Dedecms plug-in free SEO plug-in summary
China Taiwan strategy - Chapter 8: digital marketing assisted by China Taiwan
《强化学习周刊》第52期:Depth-CUPRL、DistSPECTRL & Double Deep Q-Network
Mobilenet series (5): use pytorch to build mobilenetv3 and learn and train based on migration
Recursive method converts ordered array into binary search tree
Mlsys 2020 | fedprox: Federation optimization of heterogeneous networks
The detailed page returns to the list and retains the original position of the scroll bar
Vulhub vulnerability recurrence 74_ Wordpress