当前位置:网站首页>File upload vulnerability test based on DVWA
File upload vulnerability test based on DVWA
2022-07-06 01:07:00 【wishLifeJumP】
Catalog
DVWA
Low
DVWA Security Of “low” Levels can be uploaded directly “ In a word ” Trojan horse .
1.1 Write test Trojan
<?php
phpinfo();
?>1.2 Upload directly without suffix filtering
1.3 Echo the upload path , Just visit directly
http://localhost/dvwa/hackable/uploads/info.php
Medium
Medium Level different from Low Level ,Medium The sector imposes upload restrictions on the front end , By bypassing the detection mechanism , Capture packets and change the suffix to achieve the upload effect .
2.1 Upload legal files , Open the agent
2.2 After catching the packet ,send to repeater
info.png Change it to info.php
The response code is 200 Instructions uploaded successfully .
2.3 perform php Script
https://localhost/dvwa/hackable/uploads/info.php
边栏推荐
- Arduino hexapod robot
- Convert binary search tree into cumulative tree (reverse middle order traversal)
- The growth path of test / development programmers, the problem of thinking about the overall situation
- cf:D. Insert a Progression【关于数组中的插入 + 绝对值的性质 + 贪心一头一尾最值】
- FFT 学习笔记(自认为详细)
- 如何制作自己的機器人
- Intensive learning weekly, issue 52: depth cuprl, distspectrl & double deep q-network
- KDD 2022 | EEG AI helps diagnose epilepsy
- Differences between standard library functions and operators
- Idea remotely submits spark tasks to the yarn cluster
猜你喜欢
282. Stone consolidation (interval DP)
关于#数据库#的问题:(5)查询库存表中每本书的条码、位置和借阅的读者编号
Exciting, 2022 open atom global open source summit registration is hot
Five challenges of ads-npu chip architecture design
Dedecms plug-in free SEO plug-in summary
Dede collection plug-in free collection release push plug-in
Browser reflow and redraw
Recoverable fuse characteristic test
MIT博士论文 | 使用神经符号学习的鲁棒可靠智能系统
Recursive method to realize the insertion operation in binary search tree
随机推荐
curlpost-php
程序员搞开源,读什么书最合适?
WordPress collection plug-in automatically collects fake original free plug-ins
Spark AQE
Mysql--- query the top 5 students
FFT learning notes (I think it is detailed)
In the era of industrial Internet, we will achieve enough development by relying on large industrial categories
Meta AI西雅图研究负责人Luke Zettlemoyer | 万亿参数后,大模型会持续增长吗?
Interview must brush algorithm top101 backtracking article top34
Idea remotely submits spark tasks to the yarn cluster
[simple implementation of file IO]
Promise
Xunrui CMS plug-in automatically collects fake original free plug-ins
synchronized 和 ReentrantLock
Distributed base theory
Recoverable fuse characteristic test
猿桌派第三季开播在即,打开出海浪潮下的开发者新视野
KDD 2022 | 脑电AI助力癫痫疾病诊断
图解网络:TCP三次握手背后的原理,为啥两次握手不可以?
The inconsistency between the versions of dynamic library and static library will lead to bugs