How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range

1. After opening the URL, I found that it is an upload page

2. Directly upload the file with the suffix php and found that Unable to upload

3. Use BurpSuite to capture packets and change the suffix of the uploaded file with the suffix php to php5. Bypass

#4. Use a kitchen knife to connect. In the directory of var/www/html, a file with KEY is found. Open it and you will see the key

5. Open another URL, which is also an upload page, but the upload list is set to only allow files with the suffix .gif .jpg .png to pass through Upload

6. We write a txt one sentence Trojan and change its suffix to jpg

7. When uploading, use BurpSiuit to capture the packet and modify the file suffix to show that the upload was successful

##8. Use Ant Sword to connect and find the key

in var/www/html

The above is the detailed content of How to analyze and trace the source of WebShell file upload vulnerability in Mozhe Shooting Range. For more information, please follow other related articles on the PHP Chinese website!