Readers can refer to and subscribe to the column: Upload-Labs shooting range offensive and defensive combat
AntSword
This challenge uses the AntSword tool; for how to operate it, refer to:
[Network Security] AntSword (ant sword) actual combat problem solving detailed analysis (entry)
Approach
Backend logic code:
Like Pass-12, this challenge tests 00 truncation, but here the parameter is passed via POST.
For the principle of 00 truncation, see: 00 truncation | upload-labs Pass-12
Capture the packet:
Modify the packet:
Then URL-encode the %00:
As shown in the figure, it becomes an empty string:
Forward the packet:
Get the upload path:
After that, you can perform shell operations, which will not be described in this article.
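A defender-side check for the POST-type 00 truncation described above, as an added example that is not part of the original post: it parses a multipart/form-data body and reports text fields that carry a raw 0x00 byte, which is invisible in a proxy view but plain in the bytes. The field names `save_path` and `upload_file`, the boundary and the sample request body are constructed assumptions.

```python
from email.parser import BytesParser
from email.policy import HTTP

BOUNDARY = b"XBOUND"  # constructed boundary for the sample request
CT = "multipart/form-data; boundary=XBOUND"


def nul_fields(content_type: str, body: bytes) -> list[str]:
    """Return the names of non-file form fields whose value holds a raw 0x00 byte."""
    # Prepend the request's Content-Type so the MIME parser knows the boundary.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser(policy=HTTP).parsebytes(raw)
    flagged = []
    for part in msg.iter_parts():
        if part.get_filename() is not None:
            continue  # file contents are legitimately binary
        name = part.get_param("name", header="content-disposition")
        value = part.get_payload(decode=True) or b""
        # A multipart body is not URL-decoded by the server, so a literal "%00"
        # stays three printable characters; only the raw byte is a red flag.
        if b"\x00" in value:
            flagged.append(name)
    return flagged


def build_body(path_value: bytes) -> bytes:
    """Constructed sample upload request; field names are assumptions."""
    return b"".join([
        b"--", BOUNDARY, b"\r\n",
        b'Content-Disposition: form-data; name="save_path"\r\n\r\n',
        path_value, b"\r\n",
        b"--", BOUNDARY, b"\r\n",
        b'Content-Disposition: form-data; name="upload_file"; filename="a.jpg"\r\n',
        b"Content-Type: image/jpeg\r\n\r\n",
        b"\xff\xd8\x00\x00data\r\n",
        b"--", BOUNDARY, b"--\r\n",
    ])


if __name__ == "__main__":
    for sample in (b"../upload/", b"../upload/%00", b"../upload/name.ext\x00"):
        print(sample, "->", nul_fields(CT, build_body(sample)))
```

On the server side, the same condition (a 0x00 byte in any client-supplied path component) is grounds to reject the upload before the destination path is built.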
Summary
That concludes the detailed analysis of [Network Security] upload-labs Pass-13; the detailed analysis of [Network Security] xss-labs Pass-14 will be shared later.
I am Qiu said, see you next time.