Readers can refer to and subscribe to the column: Upload-Labs shooting range offensive and defensive combat
AntSword
This challenge uses the AntSword tool. For how to operate it, see:
[Network Security] AntSword (ant sword) actual combat problem solving detailed analysis (entry)
Approach
Backend logic code:
The filtered file types are:
".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml", ".pht", ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".html", ".Htm", ".pHtml", ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml", ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml", ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer", ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr", ".sWf", ".swf", ".htaccess"
Because .htaccess is now on the blacklist, the Pass-04 method of uploading a .htaccess file cannot be used here.
According to the code audit, the backend first deletes the dot at the end of the uploaded file name and then trims the whitespace at both ends, so we can construct
05.php. .
This will be converted to:
05.php.
that is, a PHP file.
The intercepted request is constructed as follows:
Forward the request:
Then access the file upload path:
The file is uploaded successfully, connect to AntSword:
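The filter steps described above, modelled next to a stricter allowlist check, as an added example that is not the lab's own code. The function names, the shortened deny list and the sample file names are assumptions made for illustration.

```php
<?php
// Added example: a model of the filter steps the write-up describes, followed
// by a hardened check. Names and lists are assumptions, not upload-labs code.

// Blacklist check as described: delete the dot(s) at the end of the name, take
// the text from the last dot, lowercase it, trim whitespace, compare to a list.
function blacklist_allows(string $name, array $deny): bool
{
    $name = rtrim(trim($name), '.');            // "05.php. ." -> "05.php. "
    $ext  = (string) strrchr($name, '.');       // "05.php. "  -> ". "
    $ext  = trim(strtolower($ext));             // ". "        -> "."
    return !in_array($ext, $deny, true);        // "." is not on the deny list
}

// Hardened check: validate the whole name against a strict pattern, allowlist
// the extension, and store under a server-generated name.
function allowlist_store_name(string $name, array $allow): ?string
{
    // Exactly "base.ext" built from safe characters; trailing dots, spaces
    // and double extensions do not match and are refused outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})\z/', $name, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, $allow, true)) {
        return null;
    }
    // The stored name never reuses client-controlled characters.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

$deny  = ['.php', '.phtml', '.htaccess'];       // constructed, shortened deny list
$allow = ['jpg', 'png', 'gif'];                 // constructed allowlist

foreach (['photo.png', '05.php', '05.php. .'] as $n) {   // constructed inputs
    printf("%-12s blacklist: %-6s allowlist: %s\n",
        "'$n'",
        blacklist_allows($n, $deny) ? 'pass' : 'reject',
        allowlist_store_name($n, $allow) === null ? 'reject' : 'pass');
}
```

The blacklist compares only the normalised extension while the file is saved under a name that still carries the client's suffix. The allowlist version validates the full name and discards it when storing.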
Summary
The above is the detailed analysis of [Network Security] upload-labs Pass-05 problem solving, and the detailed analysis of [Network Security] xss-labs Pass-06 problem solving will be shared later.
I am Qiu said, see you next time.