1. Topic
ED01CMSv20180505 has an arbitrary file upload vulnerability
My English is not good enough, so translation makes up for it:
Clicking on other pages returns Not Found:
Try logging in first:
Try the universal password (admin:123):
This returns an error:
1. Login
Try admin:admin:
Logged in successfully:
Translate the interface:
Posts can be added:
Uploading the PHP Trojan fails:
It seems that uploading files other than images is not allowed:
Capture the request and modify it, changing jpg to php:
It still fails; maybe it is not authorized.
Keep looking:
The Users module also has an add function:
Try uploading a jpg:
Uploaded successfully:
Find the jpg picture we uploaded:
2. Capturing and modifying the request with Burp
Capture the request in Burp:
Repeater module:
The jpg picture is changed to php format, and a Trojan is written inside:
In the website directory xxx/images, you can see the file we just uploaded:
3. Getting the flag with AntSword
Go directly to AntSword:
As shown in the picture:
Find the flag in the root directory:
View the flag:
flag{eef2667a-4c3c-4b61-b816-4b883c32e4ac}
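
A defender-side check for the outcome of step 2, where a file with a php extension ended up in the image upload directory. This Python audit is an added example, not part of the original write-up or of ED01CMS; the function names and the constructed sample files are assumptions.

```python
import os
import re
import tempfile

# Magic-byte prefixes for the image types an upload directory should hold.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)  # triage heuristic, not a parser


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for files that are not plain images."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                data = fh.read()
            if ext not in IMAGE_MAGIC:
                findings.append((rel, "extension not on image allowlist"))
            elif not data.startswith(IMAGE_MAGIC[ext]):
                findings.append((rel, "content does not match extension"))
            if PHP_TAG.search(data):
                findings.append((rel, "contains PHP open tag"))
    return sorted(findings)


def demo():
    """Audit a constructed upload directory (sample files are made up for this example)."""
    samples = {
        "avatar.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # ordinary image header
        "shell.php": b"<?php /* placeholder */ ?>",  # extension changed in transit
        "logo.png": b"\x89PNG\r\n\x1a\n<?php /* placeholder */ ?>",  # code after header
        "notes.jpg": b"plain text, not a JPEG",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_upload_dir(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_upload_dir` at the real upload directory (xxx/images in this write-up) to list files that should not be there; any hit on the extension check means the server accepted a filename the browser-side form would not have offered.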