I spring web upload
2022-07-05 15:10:00 【Golden silk】
Following the hint, first try visiting flag.php directly.
Viewing the page source turns up nothing, so flag.php can only be reached through the file upload.
Upload a file.
Open the uploaded file: <? and php have been filtered out, so they cannot be used directly.
Change php to PHP and upload again: PHP is not filtered out.
So the strtolower function can be used to get around the php filter, together with a different way of writing the PHP code.
The code is as follows:
Upload again, open the uploaded file, and the flag is there.
Try another method: a one-sentence webshell.
Upload the file.
Open AntSword (the "Chinese ant sword"), right-click, choose Add data, paste the URL of the uploaded file, and enter the password abc.
Click Add.
Then go in and browse the files, and you will find the flag.
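
The filter met above removes <? and the lower-case string php from the upload but lets PHP through, which is the weakness of a case-sensitive deny-list. The following is an added example, not code from the challenge or from the original post: it contrasts an assumed reconstruction of that filter with an allow-list upload handler. The function names, the allow-list and the use of the temp directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed reconstruction of the filter the write-up ran into: a case-sensitive
// deny-list. "<?" and "php" are removed, "PHP" passes through untouched.
function weak_filter(string $content): string
{
    return str_replace(['<?', 'php'], '', $content);
}

// Hardened handler (hypothetical names and allow-list): decide by allow-list
// instead of scrubbing content, and never keep the client-supplied file name.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

function store_upload(string $tmpPath, string $clientName, string $destDir): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                          // extension is not on the allow-list
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;                          // content does not match the extension
    }
    // Server-generated name with an allow-listed extension only. $destDir should
    // sit outside the web root or have script execution disabled.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // A request handler would call move_uploaded_file(); copy() keeps the demo CLI-runnable.
    return copy($tmpPath, $dest) ? $dest : null;
}

// Constructed sample inputs: harmless text and a minimal GIF header.
var_dump(weak_filter('marker: php PHP Php'));   // mixed-case variants of the filtered word

$text = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($text, 'plain text, not an image');
var_dump(store_upload($text, 'notes.PHP', sys_get_temp_dir()));   // script extension, upper case
var_dump(store_upload($text, 'notes.gif', sys_get_temp_dir()));   // image extension, text content

$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
var_dump(store_upload($gif, 'avatar.GIF', sys_get_temp_dir()));   // GIF header, upper-case extension
```

The extension is normalised with strtolower before the allow-list lookup, so case variants of a script extension are rejected the same way as the lower-case form, and the stored name never comes from the client.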