当前位置:网站首页>I include of spring and Autumn
I include of spring and Autumn
2022-07-05 15:11:00 【Golden silk】
Open the connection , The title prompt is a File Inclusion Vulnerability
First try to visit flag.php, What also have no
Continue to look at flag Is it in the front directory , utilize include structure payload
url?path=../flag.php
Try another layer of directory , Nothing at all
So I have to change my mind
Come to the original page , Find out
allow_url_include = ON
It's time to take advantage of PHP flow input La
structure payload
url?path=php://input
Re pass post The ginseng
<?php echo system('ls');?>
Check all the files in the current file directory ,
system Function is to execute system commands
ls yes Linux System commands
Because I'm hot hackbar I don't know why it can't pass POST Pass no = Parameters of
So I used it fiddler The ginseng , It can also be used. burpsuite
ls -a yes Linux The order of , Follow ls almost
ls command - Linux Complete tutorial of commands (yiibai.com)
Click on execute
View the returned packets
Only found dle345aae.php This document can , Check this file again
Reuse file streams php://input, Again, this time it's used fiddler
Pass on POST, use Linux in cat The order of
cat command - Linux Complete tutorial of commands (yiibai.com)
Check the returned data again
Get flag
Of course we know flag Name of file , You can also use another method to view flag
utilize PHP flow filter
?path=php://filter/convert.base64-encode/resource= file a
It means that base64 View the file in the form of encoding a
structure payload
url?path=php://filter/convert.base64-encode/resource=dle345aae.php
The obtained code is base64 Decoding can see flag 了
边栏推荐
- TS所有dom元素的类型声明
- 【华为机试真题详解】欢乐的周末
- 可转债打新在哪里操作开户是更安全可靠的呢
- 超越PaLM!北大硕士提出DiVeRSe,全面刷新NLP推理排行榜
- 机器学习笔记 - 灰狼优化
- sql server char nchar varchar和nvarchar的区别
- Photoshop plug-in action related concepts actionlist actiondescriptor actionlist action execution load call delete PS plug-in development
- Install PHP extension spoole
- Magic methods and usage in PHP (PHP interview theory questions)
- Your childhood happiness was contracted by it
猜你喜欢
Ctfshow web entry explosion
"Sequelae" of the withdrawal of community group purchase from the city
Au - delà du PARM! La maîtrise de l'Université de Pékin propose diverse pour actualiser complètement le classement du raisonnement du NLP
P1451 calculate the number of cells / 1329: [example 8.2] cells
ionic cordova项目修改插件
NBA赛事直播超清画质背后:阿里云视频云「窄带高清2.0」技术深度解读
Ten billion massage machine blue ocean, difficult to be a giant
机器学习笔记 - 灰狼优化
当代人的水焦虑:好水究竟在哪里?
CPU design related notes
随机推荐
机器学习框架简述
Shanghai under layoffs
Au - delà du PARM! La maîtrise de l'Université de Pékin propose diverse pour actualiser complètement le classement du raisonnement du NLP
Bugku's steganography
Database learning - Database Security
一键更改多个文件名字
Cartoon: what are the attributes of a good programmer?
ICML 2022 | 探索语言模型的最佳架构和训练方法
通过npm 或者 yarn安装依赖时 报错 出现乱码解决方式
【華為機試真題詳解】歡樂的周末
JS bright blind your eyes date selector
Photoshop插件-动作相关概念-ActionList-ActionDescriptor-ActionList-动作执行加载调用删除-PS插件开发
CODING DevSecOps 助力金融企业跑出数字加速度
How to paste the contents copied by the computer into mobaxterm? How to copy and paste
Using tensorboard to visualize the training process in pytoch
Machine learning notes - gray wolf optimization
Selection and use of bceloss, crossentropyloss, sigmoid, etc. in pytorch classification
Detailed explanation of QT creator breakpoint debugger
CPU design related notes
I want to inquire about how to ensure data consistency when a MySQL transaction updates multiple tables?