概述
闲来无聊,把upload-labs所有的关卡都刷一遍,就当复习一下文件上传漏洞的各种绕过技巧吧,做完一关再看看源代码提高一下审计能力挺好的
Pass-01
一个前端检测,可以禁用js,也可以直接抓包就可以绕过上传
访问成功
Pass-02
Content-Type绕过,直接把Content-Type改为图片类型即可
上传成功
Pass-03
这一关是另类的文件名的绕过,可以尝试phtml,php3,php4, php5, pht后缀名都可以绕过,但是前提是要在配置文件里面有这样的一句话
AddType application/x-httpd-php .php .phtml .phps .php5 .pht
成功回显
源码里面直接用的黑名单。。
$deny_ext = array('.asp','.aspx','.php','.jsp');
当然还有第二种方法
就是上传.htaccess,实现重写文件解析,同样这样的前提也是得在配置文件里面有这样的一句话
AllowOverride All
LoadModule rewrite_module modules/mod_rewrite.so
Pass-04
上面的方法已经不行了,可以看一下他过滤的名单
$deny_ext = array(".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",最后
以上就是土豪花生为你收集整理的upload-labs刷关记录的全部内容,希望文章能够帮你解决upload-labs刷关记录所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复