Home > Operation and Maintenance > Safety > How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

王林
Release: 2023-06-01 08:55:52
forward
1081 people have browsed it

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

1. After opening the URL, I found that it is an upload page

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

2. Directly upload the file with the suffix php and found that Unable to upload

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

3. Use BurpSuite to capture packets and change the suffix of the uploaded file with the suffix php to php5. Bypass

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

#4. Use a kitchen knife to connect. In the directory of var/www/html, a file with KEY is found. Open it and you will see the key

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting RangeHow to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting RangeHow to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

5. Open another URL, which is also an upload page, but the upload list is set to only allow files with the suffix .gif .jpg .png to pass through Upload

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

6. We write a txt one sentence Trojan and change its suffix to jpg

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

7. When uploading, use BurpSiuit to capture the packet and modify the file suffix to show that the upload was successful

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

##8. Use Ant Sword to connect and find the key

How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range in var/www/html

The above is the detailed content of How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template