Shulou(Shulou.com)05/31 Report--

The content of this article mainly focuses on how to trace the source of the loophole analysis of uploading WebShell files in Mohist shooting range. The content of the article is clear and clear. It is very suitable for beginners to learn and is worth reading. Interested friends can follow the editor to read together. I hope you can get something through this article!

1. After opening the URL, I found that it was an uploaded page.

two。 Upload the file with the suffix php directly, and find that it cannot be uploaded

3. Use BurpSuite to grab the package, and change the suffix of the uploaded file with the suffix php to php5, which can be bypassed

4. Use a kitchen knife to connect. Find a file with KEY in the var/www/html directory and open it to see key.

5. Open another URL, which is also an upload page, but set the upload list and only allow files to be uploaded with the suffix .gif .jpg .png.

6. Let's write a txt one-sentence Trojan and change its suffix to jpg

7. When uploading, use BurpSiuit to grab the package, and modify the file suffix to show that the upload is successful.

8. Use ant sword to connect and find key in var/www/html

Thank you for your reading, I believe you have a certain understanding of "how to trace the source of loophole analysis of uploading WebShell files in Mohist shooting range". Go to practice quickly, if you want to know more related knowledge points, you can follow the website! The editor will continue to bring you better articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.