Readers can refer to and subscribe to the column: Upload-Labs shooting range offensive and defensive combat
Antsword Ant Sword
This question involves the use of the Ant Sword tool, the operation can refer to:
[Network Security] AntSword (ant sword) actual combat problem solving detailed analysis (entry)
posture
Backend logic code:
This level does not use the strtolower function to filter the case of the file name, so you can capture the packet to bypass the case
One sentence Trojan file content:
Change .php to .Php
Packing:
Due to the apache 2.4.39 connection error reported in PHPStudy, it can be switched to nginx 1.15.11
Then open the image link to get the file upload URL
Connect Ant Sword:
Summarize
The above is the detailed analysis of [Network Security] upload-labs Pass-06 problem solving, and the detailed analysis of [Network Security] xss-labs Pass-07 problem solving will be shared later.
I am Qiu said , see you next time.