[面包]MrTwoC

你好，欢迎来到这个基于区块链的个人博客名字：面包 / MrTwoc 爱好：跑步(5/10KM)、咖啡、游戏(MMORPG、FPS、Minecraft、Warframe) 兴趣方向：Rust、区块链、网络安全、量子信息(量子计算)、游戏设计与开发

File Upload && BrupSuite

Feb 13, 2024#Web2Security #UpLoadFile #BrupSuite30

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The difficulty level is medium. The source code restricts the upload of the image.png file, so the user opens Burp Suite to intercept the request and uploads a web shell. The user copies the code into a text file, changes the file extension to .php, and creates a web shell file. The user intercepts the image.png file and modifies the Content-Type to image/png to bypass the restriction. The user successfully uploads the image.png file and accesses the uploaded file at http://192.168.1.2/dvwa/hackable/uploads/111.php. The user then opens a web shell tool called AntSword and enters the address and password to gain access. By double-clicking on image.png, the user can view the website structure and the files it contains.

Difficulty: medium

When I saw the source code, it restricted the upload type.

So I opened brupSuite
Enabled interception, and then uploaded a webshell:

Copy the code into a txt file, then change the extension to php, and you will have a webshell file.

Here it is intercepted

Change Content-Type to:
image/png
Then allow it, and the upload is successful

Then follow the upload address and enter the link:
http://192.168.1.2/dvwa/hackable/uploads/111.php
It shows a blank screen, indicating successful exploitation
Open AntSword, enter the address, password: pass

Double-click to see the website structure and the files it contains

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#60961-15
Owner
0x4cc7cb48adf7c465a49f98aecafe7948450d85b2
Transaction Hash
Creation 0x0b3d5c54...9094d0f440 Last Update 0x0b3d5c54...9094d0f440
IPFS Address
ipfs://QmSTmFMfM8pfZFHJnzA1Zm18WShWCYzC34XRpYeVL2vLno