Infiltration learning diary day20

Make pictures of horses , Older technology

I used to use ew Produced , This is directly over here cmd perform ：

copy /b 1.jpg+2.php=3.jpg

Upload files + The file contains the following information

upload-labs The first 14 topic ：

Picture horse before uploading successfully

here upload-labs There are files in the directory. The contents of the files are as follows ：

After the file upload is successful, a path will be returned

Therefore, we can successfully parse the image in the file by uploading the image php sentence

http://192.168.70.34/upload-labs/include.php?file=upload/5620220215143847.png

summary ：

File upload vulnerability ：

front end js verification ,content-type verification , Blacklist, whitelist ,::$DATA,.htaccesss Parsing vulnerabilities , Double write , Case around ,%00 truncation ( Hexadecimal modification ), Picture horse ...