某期三个白帽,某牛的出的题被秒,他利用过滤黑名单的方式防止上传。做题的人就是直接上传phtml绕过黑名单的, 但是我之前还不知道phtml还被能解析成php。
于是我本地测试,却发现我本地的phtml后缀解析不了。我本地的环境phpstudy集成环境。
我然后又在我的kali虚拟机里面测试,发现可以解析phtml。当时感觉好奇怪于是我就翻了翻了我kali里面的apache配置文件
kali是debian系的,/etc/apache2的目录下就是apache2的所有配置文件
其中apache2.conf是主要的配置文件,*-enabled表示在是用的配置,*-available表示是可用的配置。
我们来看看apache2.conf中的配置。
在文件的尾部包含了包含了模块的配置,而php5模块配置就是在mods-enabled里面
可看见php5.conf是../mods-available/php5.conf的软连接。看看php5.conf
终于找到原因啦,只要符合这个正则的后缀名都可以被当做php文件执行。符合的后缀包括 php、php3、php4、php5、phtml、pht 等
后来我还去测试了其他的一些apache+php的环境
windows
phpstudy和wamp两个集成环境
linux
ubuntu、debian和centos用源的方式安装lamp.(apt-get和yum)
结果
phpstudy和wamp以及centos用yum方式安装的lamp环境不能解析 phtml和pht
ubuntu和debian利用apt-get方式安装的lamp环境就能解析 phtml和pht , 原因和上图分析是一样的 。
备注
利用这些环境特性和黑名单就能绕过限制,达到上传webshell的目的,在平常渗透测试当中也许会是一个突破点

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

Article discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo

PHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot

Laravel's service container and service providers are fundamental to its architecture. This article explores service containers, details service provider creation, registration, and demonstrates practical usage with examples. We'll begin with an ove

The article discusses adding custom functionality to frameworks, focusing on understanding architecture, identifying extension points, and best practices for integration and debugging.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Dreamweaver Mac version
Visual web development tools

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

SublimeText3 Chinese version
Chinese version, very easy to use

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
