no verification
According to the title "No Verification", we can see that there is no verification of the uploaded file
Upload a sentence of Trojan horse, and then use Ant Sword to connect
<?php
@eval($_POST['a']
?>
The value of post can be changed at will
Add the relative path of the uploaded file after the address, and the password is the value of post
Connection
front-end validation
According to the analysis of the topic and code files, the topic examines JS front-end verification, and JS verification can be bypassed
Use bp to remove the response JS, and delete the JS code obtained during the operation.
Write a one-sentence Trojan php file, upload it, and capture the package. Check
remove all javascript. Forward
shows that the upload is successful
. Use China Ant Sword to connect, and add the relative path to the url After the address, the next steps are the same as the first question without verification
.htaccess
The .htaccess file is a configuration file in the Apache server, which is responsible for the configuration of web pages in the relevant directory. Through the htaccess file, you can help us realize: webpage 301 redirection, custom 404 error page, change file extension, allow/block access to specific users or directories, prohibit directory listing, configure default documents, etc.
Check the code
There is php in the file format that is not allowed to be uploaded, but there is no htaccess
Write a .htaccess file with the content of the file as
SetHandler application/x-httpd-php
The purpose is to parse the uploaded file as php.
Note : It is impossible to change the name to .htaccess if you change it directly. Open Notepad and enter the content, save as, enter .htaccess for the file name, select all for the file type, save it,
upload it ,
and upload another one. The png file of the Trojan horse
is the same as the previous two questions, use the ant sword to connect and get the flag
MIME bypass
Upload a sentence Trojan horse, capture the packet, and change the content behind the content-type
Click forward, the file shows that the upload is successful, connect with the ant sword, and get the flag