The first level （ Bypass js）

When uploading a php In a word, it doesn't allow us to upload
Check the source code and find that the format has been limited

Prompt indicates yes js Limit our upload format

Then we should try to get around js Query for
My method is to upload in the correct format and use burp Carry out the bag , Then change it to php Format for packaging

What will be written php Copy the conversion format for uploading
Capture packets and modify the format
After you put the bag in, you have finished php A sentence in this format is sent to the server

The second level （ File types bypass ）

The same is to grab and put bags （ The process is the same as that of the first stage ）
But what this question taught me is that it is not only possible to change the file suffix
You can also change the file type （ It is equivalent to directly telling the server that this file meets your conditions ）

The third level （ Bypass php The blacklist ）

Upload PHP File failed , According to the returned page data , The judgment should be simple blacklist processing . So we can use some other parseable files
So I can find other suffixes as php File execution .
Suffixes that match include php、php3、php4、php5、phtml、pht etc. , Sometimes you need to try one by one