Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to analyze and trace the source of loopholes in uploading WebShell files in Moer shooting range

2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

The content of this article mainly focuses on how to trace the source of the loophole analysis of uploading WebShell files in Mohist shooting range. The content of the article is clear and clear. It is very suitable for beginners to learn and is worth reading. Interested friends can follow the editor to read together. I hope you can get something through this article!

1. After opening the URL, I found that it was an uploaded page.

two。 Upload the file with the suffix php directly, and find that it cannot be uploaded

3. Use BurpSuite to grab the package, and change the suffix of the uploaded file with the suffix php to php5, which can be bypassed

4. Use a kitchen knife to connect. Find a file with KEY in the var/www/html directory and open it to see key.

5. Open another URL, which is also an upload page, but set the upload list and only allow files to be uploaded with the suffix .gif .jpg .png.

6. Let's write a txt one-sentence Trojan and change its suffix to jpg

7. When uploading, use BurpSiuit to grab the package, and modify the file suffix to show that the upload is successful.

8. Use ant sword to connect and find key in var/www/html

Thank you for your reading, I believe you have a certain understanding of "how to trace the source of loophole analysis of uploading WebShell files in Mohist shooting range". Go to practice quickly, if you want to know more related knowledge points, you can follow the website! The editor will continue to bring you better articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report