Penetration testing example (1): bypassing the suffix check on file upload

Target system: Windows + PHP

1. Brute-forced the back-end (admin) path with a dictionary.

2. Brute-forced weak passwords on the back end.

3. Once inside, found two candidate points: the Baidu editor upload, whose version had no vulnerability and could not be used, and a separate backup template upload.

4. An initial upload with the .php suffix was rejected with a message that the format is not allowed, so I tried other suffixes.

.php5, .php1 and the like are all prohibited. Image names such as 1.png are accepted, and the zip format is also allowed.

I thought of compressing the .php trojan into a zip file and uploading it through the template upload. After decompression, the trojan 1.php had been renamed to 1.php.txt. My guess is that the extraction code also checks suffixes, using the same blacklist as the upload code in the back end. To bypass the suffix check: on Windows, when a file is named "1.php." the system automatically strips the trailing "." and leaves 1.php. So compress 1.php, open the zip file, and rename the entry to "1.php.".

After extraction, the trailing "." had been removed automatically. This bypasses the blacklist's suffix match in the code: 1.php was decompressed successfully without triggering the code-level WAF.

5. Accessing the trojan directly, I found that it could not be parsed. My guess is that the WAF's handling of special characters was the cause. Next I thought of image content spoofing.

I took an image with the .ico suffix, changed it to a larger-image suffix, and placed the trojan in the middle, interspersed between the image's header and trailer signatures. After compressing and uploading it, the file was parsed successfully when visited.

6. Connected with Chopper ....
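The gap in step 4 is that the blacklist is matched against the zip entry name as written, not the name Windows creates on disk. The following is an added example, not code from the original post: it audits an archive before extraction by normalizing each entry name the way Win32 does and then applying an allowlist. The function names and `ALLOWED_EXTENSIONS` are assumptions, and it also covers trailing spaces, which Windows strips the same way as trailing dots.

```python
import io
import posixpath
import zipfile

# Assumption: extensions a template package may legitimately contain.
ALLOWED_EXTENSIONS = {".html", ".css", ".js", ".png", ".jpg", ".gif", ".ico"}


def windows_effective_name(entry_name: str) -> str:
    """Return the file name Win32 would actually create for a zip entry."""
    base = posixpath.basename(entry_name.replace("\\", "/"))
    # Win32 drops trailing dots and spaces: "1.php." becomes "1.php".
    return base.rstrip(". ")


def check_entry(entry_name: str) -> tuple[bool, str]:
    """Allowlist check applied to the name as it will exist on disk."""
    base = posixpath.basename(entry_name.replace("\\", "/"))
    effective = windows_effective_name(entry_name)
    if not effective:
        return False, "empty name after normalization"
    if effective != base:
        # The checked name and the on-disk name differ: refuse outright.
        return False, f"name changes on disk to {effective!r}"
    ext = posixpath.splitext(effective)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not in allowlist"
    return True, "ok"


def audit_archive(data: bytes) -> dict[str, tuple[bool, str]]:
    """Check every file entry of an uploaded archive before extracting."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: check_entry(i.filename)
                for i in zf.infolist() if not i.is_dir()}


def build_sample() -> bytes:
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("theme/index.html", "theme/logo.png",
                     "theme/1.php.", "theme/1.php"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, (ok, reason) in audit_archive(build_sample()).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name}  ({reason})")
```

Reject the whole archive if any entry fails, and extract into a directory the web server does not execute scripts from.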

 


Origin www.cnblogs.com/yuanzijian-ruiec/p/10979011.html