Upload Breakthrough Study Notes

Upload location, upload path, upload verification, upload breakthrough.
Vulnerability analysis: backdoor format. A backdoor only takes effect when the server executes it as a script.
An ASP Trojan must be executed as ASP; it cannot execute as jpg, gif, txt or other formats. A parsing vulnerability makes the server execute a file as a script even though it carries a different format.
The following are platform parsing vulnerabilities.
IIS 6.0: file form and folder form.
File form: x.asp => x.asp;x.jpg (gif, txt, png, etc.) is executed as ASP (meaning the script file x.asp is renamed to x.asp;1.jpg and then accessed at the following URL):
http://www.xxx.com//Uplod/image/x.asp;1.jpg
Folder form: xx/xx.asp => xx.asp/xx.jpg is executed as ASP:
http://www.xxx.com//Uplod/image/shell.asp/asp.jpg
IIS 7.x: since only images, MP4 and similar formats are allowed at upload time, the Trojan statement is written into an image:
http://www.xxx.com/logo.gif
Parsing vulnerability: http://www.xxx.com/logo.gif/x.php (the PHP interpreter is used to execute logo.gif).
The uploaded image is the Trojan.
Apache: the uploaded file is logo.php.dsadasdasd.
Parsing vulnerability: Apache first checks whether it recognizes the last suffix; if it does not, it moves to the previous suffix until it finds one it knows:
http://www.xxx.com/logo.php.dsadasdasd
Nginx: similar to IIS 7.x.
Actual breakthrough process:
Generally a site has both upload points that require permission and ones that do not. An upload page that needs no permission can be found directly; for a permission-restricted upload you must log in to the backend, and the backend login password can be obtained by injection, after which you choose upload. Usually the upload format is restricted and the content is checked as an image, so use Burp to capture the request, modify the request for the upload, and rely on the platform's parsing vulnerability to execute the Trojan; or use editing software to write a one-line Trojan into the image, and then upload it.
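The notes above list the filename and content tricks the upload check has to defeat. As an added defensive example (not from the original notes; the allowlist, marker list and storage scheme are assumptions), this server-side validator rejects the IIS 6 semicolon and folder forms, the Apache multi-suffix form and script markers hidden in image data, and stores accepted files under a server-generated name:

```python
import re
import secrets
from typing import Optional

# Constructed policy for this example: allowlisted image types and their magic bytes.
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "png": b"\x89PNG\r\n\x1a\n",
}
# Byte sequences that have no business inside an image upload (assumed heuristic list).
SCRIPT_MARKERS = (b"<?php", b"<%", b"<script")
# Exactly one dot, no '/', '\\', ';', NUL or whitespace. This single rule rejects
# x.asp;1.jpg (IIS 6 file form), shell.asp/asp.jpg (IIS 6 folder form)
# and logo.php.dsadasdasd (Apache right-to-left suffix parsing).
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$")


def reject_reason(filename: str, content: bytes) -> Optional[str]:
    """Return None when the upload is acceptable, otherwise a short reason."""
    m = SAFE_NAME.fullmatch(filename)
    if m is None:
        return "filename must be name.ext with a single extension"
    ext = m.group(1).lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        return f"extension .{ext} not allowlisted"
    # Declared type must agree with the leading bytes of the content.
    if not content.startswith(magic):
        return "content does not match the declared image type"
    lowered = content.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return "script marker inside image data"
    return None


def storage_name(filename: str, content: bytes) -> str:
    """Validated uploads are stored under a random server-generated name, so the
    client-chosen name (and any trick embedded in it) never reaches disk."""
    reason = reject_reason(filename, content)
    if reason is not None:
        raise ValueError(reason)
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"
```

The IIS 7.x / nginx form (logo.gif/x.php) is a server configuration problem rather than a filename problem, so filename validation alone does not close it; the random storage name and magic-byte check only limit what such a file can contain.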

Origin http://43.154.161.224:23101/article/api/json?id=325063672&siteId=291194637