Three ways to get a shell by modifying page elements locally before uploading
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word">A look at the admin backend shows: 1. An upload function</p><p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"> 2. Database operations</p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"> 3. System settings</p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"> </p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302074.jpg" /></p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"> </p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word">I have three ways to get a shell:</p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><strong>1. Upload</strong></p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word">Uploading a file directly and capturing the request reveals the path parameter filepath. At this point one could submit the request with NC, or modify the element locally to create an .asp folder.<br />Here I simply use Google Chrome's Inspect Element.</p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302075.jpg" /></p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word">../uppics/1.asa/201211920201285298.jpg</p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302076.jpg" /></p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"> </p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302077.jpg" /></p>
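<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word"><strong>2. Database restore</strong></p>
<p style="MARGIN: 5px 0px; LINE-HEIGHT: 18px; FONT-FAMILY: 'sans serif', tahoma, verdana, helvetica; WORD-WRAP: break-word">First, upload an image that carries a webshell (an "image trojan") directly and note the resulting path:<br />../uppics/201211920215665549.jpg<br />Then run a database restore.<br />The database path input box in the backend still cannot be clicked. This can be bypassed by constructing the form locally; here I again use Google Chrome to edit the element and get rid of the restriction.</p>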
<p style="MARGIN: 5px 0px; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302078.jpg" /></p>
<p style="MARGIN: 5px 0px; WORD-WRAP: break-word">The restore path can be anything, as long as it is writable. Click OK.</p>
<p style="MARGIN: 5px 0px; WORD-WRAP: break-word"><img style="BORDER-RIGHT: rgb(235,235,235) 1px solid; BORDER-TOP: rgb(235,235,235) 1px solid; BORDER-LEFT: rgb(235,235,235) 1px solid; CURSOR: pointer; BORDER-BOTTOM: rgb(235,235,235) 1px solid" alt="\" data-ke-="" src="https://img.jbzj.com/file_images/article/201211/2012111215302079.jpg" /></p>
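<p style="MARGIN: 5px 0px; WORD-WRAP: break-word">OK, success. Take a look at the address of the one-liner shell.</p>
<p style="MARGIN: 5px 0px; WORD-WRAP: break-word"><strong>3. Modify the system configuration</strong> Insert a one-liner into the configuration. Being a novice, I am afraid of breaking the site, so I will not insert it here; if the inserted code is not closed properly, one slip will take the site down. Since there is already a shell at this point, it could be changed back even if the site did go down...</p>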
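<p style="MARGIN: 5px 0px; WORD-WRAP: break-word">Both the upload step and the restore step above work because the server trusts path values that the page merely hides or disables in the browser. The following is an added example, not part of the original article and not the target application's code: a Python sketch of the server-side checks that reject both requests. The directory layout, the .bak backup extension and all function names are assumptions.</p>

```python
import posixpath
import secrets

# Assumed layout and policy for this sketch (not the target application's).
UPLOAD_ROOT = "/site/uppics"
BACKUP_ROOT = "/site/_backup"
DB_PATH = "/site/_data/site.mdb"
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
SCRIPT_EXTS = {"asp", "asa", "cer", "cdx"}  # extensions commonly mapped to the ASP engine


def resolve_under(root, client_path):
    """Normalise a web-style path; return it only if it stays below root."""
    full = posixpath.normpath(posixpath.join(root, client_path.replace("\\", "/")))
    return full if full.startswith(root + "/") else None


def new_upload_path(original_name):
    """Preferred: build the stored path server-side, taking no directory from the request."""
    base = original_name.replace("\\", "/").rsplit("/", 1)[-1]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in IMAGE_EXTS or ";" in base or "\x00" in base:
        raise ValueError("file type not allowed")
    return f"{UPLOAD_ROOT}/{secrets.token_hex(12)}.{ext}"


def check_legacy_filepath(client_path):
    """Legacy forms that still post a `filepath` field: validate every segment."""
    full = resolve_under(UPLOAD_ROOT, client_path)
    if full is None or full.rsplit(".", 1)[-1].lower() not in IMAGE_EXTS:
        raise ValueError("path outside upload root or not an image")
    for segment in full.split("/"):
        # Reject folders or files such as "1.asa" or "x.asp;.jpg".
        if ";" in segment or set(segment.lower().split(".")[1:]) & SCRIPT_EXTS:
            raise ValueError("script-mapped name in path")
    return full


def check_restore(client_source):
    """Restore only from the backup directory, always onto the fixed database path."""
    full = resolve_under(BACKUP_ROOT, client_source)
    if full is None or not full.lower().endswith(".bak"):
        raise ValueError("restore source must be a backup file")
    return full, DB_PATH  # the destination never comes from the request
```

<p style="MARGIN: 5px 0px; WORD-WRAP: break-word">Marking the upload directory as non-executable in the web server configuration backs these checks up if one of them is ever missed.</p>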