环境准备:构建完善的安全渗透测试环境:推荐工具、资源和下载链接_渗透测试靶机下载-CSDN博客
一、大小写绕过(upload-labs 靶场的第5关)
通过查看源码靶场的第5关是黑名单过滤,而且只是过滤了 php 这些,代码中没有转换大小写所以可以使用大小写写绕过,但是windows系统大小写不敏感,所以我们需要使用bp抓包然后将文件后缀名改成大小写
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists($UPLOAD_ADDR)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",&
