root-me web server 10-20 writeup

File upload - double extensions文件上传——双扩展

Gallery v0.02

介绍

Your goal is to hack this photo galery by uploading PHP code.

/challenge/web-serveur/ch20/tmp/phpSfAkKz 访问无果

返回

查看源码

view-source:http://challenge01.root-me.org/web-serveur/ch20/galerie/upload/ccbde566dbc436aa41b84533bbc60ad8//3.php.jpg?preview

删除

http://challenge01.root-me.org/web-serveur/ch20/galerie/upload/ccbde566dbc436aa41b84533bbc60ad8//3.php.jpg

PV1OejHY4MxfsC2mHpRz9

File upload - MIME type

常见的MIME类型   超文本标记语言文本 .html text/html   xml文档 .xml text/xml   XHTML文档 .xhtml application/xhtml+xml   普通文本 .txt text/plain   RTF文本 .rtf application/rtf   PDF文档 .pdf application/pdf   Microsoft Word文件 .word application/msword   PNG图像 .png image/png   GIF图形 .gif image/gif   JPEG图形 .jpeg,.jpg image/jpeg   au声音文件 .au audio/basic   MIDI音乐文件 mid,.midi audio/midi,audio/x-midi   RealAudio音乐文件 .ra, .ram audio/x-pn-realaudio   MPEG文件 .mpg,.mpeg video/mpeg   AVI文件 .avi video/x-msvideo   GZIP文件 .gz application/x-gzip   TAR文件 .tar application/x-tar   任意的二进制数据 application/octet-stream

Content-Disposition: form-data; name="file"; filename="2.php"
Content-Type: image/gif

查看源码

抓包

删除
http://challenge01.root-me.org/web-serveur/ch21/galerie/upload/cb13dd644fb605082b0a59f2d15c84e7//2.php

password : UN2YusYPnmwfHFHI5zj3

HTTP cookies

Bob create a script to gather user’s email...

PS : Bob really love cookies

ctrl+u

posted @ 2016-06-08 11:22  joy_nick  阅读(7801)  评论(0编辑  收藏  举报