pass-01
The first method:
check the prompt first
. Since you use js to check, you only need to disable js at this time. Press F12 and find the settings. Enable and disable js.
Then upload the Trojan horse
to copy the image link and find that the upload is successful
. The second method:
You can take the packet capture method. If the packet capture fails, try changing localhost to the local IPv4 address.
After capturing the packet, change the suffix of the uploaded file to php. Then
test the results and the upload is successful.
pass-02
The operation is the same as the second method above, and the upload can be successful.
Of course, there is a second method.
Here, let’s look at the tips first,
Baidu related knowledge:
MIME (Multipurpose Internet Mail Extensions) multipurpose Internet mail extension type. It is a type of way to set a file with a certain extension to be opened with an application. When a file with this extension is accessed, the browser will automatically use the specified application to open it. It is mostly used to specify some client-defined file names and some media file opening methods.
Here we bypass the whitelist, start capturing packets, and modify its MIME type here
(for more information about MIME types, please refer to: https://baike.baidu.com/item/MIME/2900607)
The upload is successful
pass-03
Here, first modify the httpd.conf in Apache, as shown in the figure below, add .php5 in line 403, and delete '#', restart apache after modification, and upload the
php5 file
successfully