KaiWn


  • Level 1. The protection is in the front-end code: disable JavaScript in the browser, or use Burp to change the file extension.

    Level 2.

    The protection is in the back-end code: use Burp to change the file's Content-Type.

    Level 3.

    Exploit precondition: Apache's configuration file must be able to parse extensions such as .php5; then upload a file with a .php5 (or similar) extension directly.

    # cd /opt/lampp/etc
    # vim httpd.conf
      AddType application/x-httpd-php .php .phtml .php5
     :wq
    # /opt/lampp/lampp restart

    Level 4.

    1. The back-end code does not rename the file the way level 3 does; extensions are evaluated from right to left: .bbb cannot be parsed, so .aaa is tried, then .php is executed.

     Upload a shell.php.aaa.bbb file directly.

    2. The .htaccess extension is not rejected (exploit preconditions: 1. the mod_rewrite module is enabled; 2. AllowOverride All).

    First upload a .htaccess file with the following content:

    SetHandler application/x-httpd-php

    This way every file is parsed as PHP.

    Level 5.

    The back-end code strips the trailing dot from the file name.

    Use Burp to change the extension to ". ." to bypass it; when requesting the file, use ".php." followed by a space.
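Defender-side counterpart to the five levels above, as an added example that is not part of the post and not upload-labs code: a hypothetical Python `validate_upload` that closes each bypass by ignoring the client Content-Type, using an extension allowlist instead of a blocklist, checking every dot-separated segment, rejecting dotfiles such as .htaccess, stripping the whole trailing run of dots and spaces, and storing the file under a server-generated name. The allowed types and magic numbers are assumptions for the example.

```python
import os
import secrets

# Allowlist of extensions the server will ever store. A blocklist is what the
# .php5/.phtml trick in level 3 defeats; an allowlist has no such gaps.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Magic-number prefixes for the allowed types. The client's Content-Type header
# is never consulted, because level 2 shows it is trivially rewritten in Burp.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def normalize_filename(name: str) -> str:
    """Drop any directory part and remove every trailing dot and space.

    rstrip(". ") strips the whole trailing run, so "shell.php. ." becomes
    "shell.php". Removing only a single final character is the weakness
    that level 5 exploits.
    """
    return os.path.basename(name.replace("\\", "/")).rstrip(". ")


def validate_upload(client_name: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason_or_stored_name). Hypothetical helper."""
    name = normalize_filename(client_name)
    if not name or name.startswith("."):
        # Dotfiles such as .htaccess (level 4, case 2) never reach the upload dir.
        return False, "empty or dot-prefixed name rejected"
    segments = name.split(".")
    if len(segments) < 2:
        return False, "no extension"
    # Apache may evaluate every segment of shell.php.aaa.bbb (level 4, case 1),
    # so each segment after the base name must itself be allowlisted.
    for ext in segments[1:]:
        if ext.lower() not in ALLOWED_EXTENSIONS:
            return False, f"extension '{ext}' not allowed"
    sniffed = next((t for magic, t in MAGIC.items() if data.startswith(magic)), None)
    if sniffed is None:
        return False, "content does not match an allowed image type"
    # Store under a server-generated name with exactly one allowlisted
    # extension, so nothing the client chose ends up in the path.
    return True, f"{secrets.token_hex(16)}.{sniffed}"
```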
