In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
This article introduces how Gopher attacks MySql, the content is very detailed, interested friends can refer to, hope to be helpful to you.
Introduction to the topic
Extract0r in 34c3CTF web.
The object in the question is a secure decompression service. The user enters the url address of the zip. After verifying the validity of the url, the program will download the zip, and then create a directory for the user to extract the files.
0x00 arbitrary file reading
After testing, it is found that the input domain name cannot contain numbers, and the compressed file cannot contain directories, and the extracted directory does not parse php. By uploading a compressed package containing symbolic links, you can achieve the effect of reading arbitrary files.
Ln-s.. / index.php test_link7za a-t7z-r test.7z test
Visit test_link after uploading to get the source code
Index.php (part html has been deleted)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
