- 开放端口:
8080
- 看源码有include.php的提示
- 访问include.php,告知存在file参数,文件包含,自带
.php后缀 - 扫描发现upload.php
- 上传压缩包压缩包内包含一句话木马的php文件,修改压缩包为jpg后缀和Contents-type为image/jpeg
- 包含
http://xxx.xxx.xxx.xxx/include.php?file=zip://upload/1.jpg%23eval
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
upload_include2
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||