web????????????????????????
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了web????????????????????????相关的知识,希望对你有一定的参考价值。
?????????code amp ????????? target ?????? ?????? ?????? ?????? ada
?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????web??????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????web?????????????????????????????????????????????????????????????????????????????????????????????????????????webshell
??????webshell????????????????????????????????????????????????????????????????????????????????????????????????
{??????=??????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????????????????
????????????????????????????????????php?????????????????????????????????????????????????????????????????????html????????????}
?????????
??????????????????????????????????????????webshell
???????????????????????????????????????????????????????????????
???????????????????????????
?????????????????????????????????????????????????????????
low?????????
????????????????????????????????????php??????????????????????????????????????????????????????
1 <?php 2 3 if( isset( $_POST[ ???Upload??? ] ) ) { 4 // Where are we going to be writing to? 5 $target_path = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/"; 6 $target_path .= basename( $_FILES[ ???uploaded??? ][ ???name??? ] ); 7 8 // Can we move the file to the upload folder? 9 if( !move_uploaded_file( $_FILES[ ???uploaded??? ][ ???tmp_name??? ], $target_path ) ) { 10 // No 11 echo ???<pre>Your image was not uploaded.</pre>???; 12 } 13 else { 14 // Yes! 15 echo "<pre>{$target_path} succesfully uploaded!</pre>"; 16 } 17 } 18 19 ?>
{ps????????????????????????????????????????????????php????????????????????????}
Low?????????????????????????????????????????????????????????????????????????????????php???????????????????????????????????????????????????????????????????????????
Medium?????????
????????????????????????????????????????????????
1 if( isset( $_POST[ ???Upload??? ] ) ) { 2 // Check Anti-CSRF token 3 checkToken( $_REQUEST[ ???user_token??? ], $_SESSION[ ???session_token??? ], ???index.php??? ); 4 5 6 // File information 7 $uploaded_name = $_FILES[ ???uploaded??? ][ ???name??? ]; 8 $uploaded_ext = substr( $uploaded_name, strrpos( $uploaded_name, ???.??? ) + 1); 9 $uploaded_size = $_FILES[ ???uploaded??? ][ ???size??? ]; 10 $uploaded_type = $_FILES[ ???uploaded??? ][ ???type??? ]; 11 $uploaded_tmp = $_FILES[ ???uploaded??? ][ ???tmp_name??? ]; 12 13 // Where are we going to be writing to? 14 $target_path = DVWA_WEB_PAGE_TO_ROOT . ???hackable/uploads/???; 15 //$target_file = basename( $uploaded_name, ???.??? . $uploaded_ext ) . ???-???; 16 $target_file = md5( uniqid() . $uploaded_name ) . ???.??? . $uploaded_ext; 17 $temp_file = ( ( ini_get( ???upload_tmp_dir??? ) == ?????? ) ? ( sys_get_temp_dir() ) : ( ini_get( ???upload_tmp_dir??? ) ) ); 18 $temp_file .= DIRECTORY_SEPARATOR . md5( uniqid() . $uploaded_name ) . ???.??? . $uploaded_ext; 19 20 // Is it an image? 21 if( ( strtolower( $uploaded_ext ) == ???jpg??? || strtolower( $uploaded_ext ) == ???jpeg??? || strtolower( $uploaded_ext ) == ???png??? ) && 22 ( $uploaded_size < 100000 ) && 23 ( $uploaded_type == ???image/jpeg??? || $uploaded_type == ???image/png??? ) && 24 getimagesize( $uploaded_tmp ) ) { 25 26 // Strip any metadata, by re-encoding image (Note, using php-Imagick is recommended over php-GD) 27 if( $uploaded_type == ???image/jpeg??? ) { 28 $img = imagecreatefromjpeg( $uploaded_tmp ); 29 imagejpeg( $img, $temp_file, 100); 30 } 31 else { 32 $img = imagecreatefrompng( $uploaded_tmp ); 33 imagepng( $img, $temp_file, 9); 34 } 35 imagedestroy( $img ); 36 37 // Can we move the file to the web root from the temp folder? 38 if( rename( $temp_file, ( getcwd() . DIRECTORY_SEPARATOR . $target_path . $target_file ) ) ) { 39 // Yes! 40 echo "<pre><a href=???${target_path}${target_file}???>${target_file}</a> succesfully uploaded!</pre>"; 41 } 42 else { 43 // No 44 echo ???<pre>Your image was not uploaded.</pre>???; 45 } 46 47 // Delete any temp files 48 if( file_exists( $temp_file ) ) 49 unlink( $temp_file ); 50 } 51 else { 52 // Invalid file 53 echo ???<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>???; 54 } 55 } 56 57 // Generate Anti-CSRF token 58 generateSessionToken(); 59 60 ?>
Medium???????????????gif/jpg(MIME???????????????)???1000b????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????
??????Burp????????????????????????????????????????????????????????????
???????????????????????????????????????
https://www.cnblogs.com/blacksunny/p/8001201.html
https://www.freebuf.com/articles/web/179954.html
以上是关于web????????????????????????的主要内容,如果未能解决你的问题,请参考以下文章
ctfshow web入门 命令执行前篇(web29-web54)
html WebGLテンプレート用のindex.htmlのサンプWeb Web Web Web Web Web Web Web Web Web