63 lines
2.5 KiB
Plaintext
63 lines
2.5 KiB
Plaintext
|
|
============================================================
|
|
[*] 1. 探测文件扩展名
|
|
============================================================
|
|
[+] Allowed extension: .txt
|
|
[结论] 允许的扩展名: .txt
|
|
|
|
============================================================
|
|
[*] 2. 文件名绕过技巧 (基础扩展名: .txt)
|
|
============================================================
|
|
[+] Filename trick success: 双扩展名1 | shell.php.txt
|
|
|
|
============================================================
|
|
[*] 3. Content-Type 绕过检测 (文件: test.txt)
|
|
============================================================
|
|
[+] Content-Type bypass: image/jpeg
|
|
[+] Content-Type bypass: image/png
|
|
[+] Content-Type bypass: image/gif
|
|
[+] Content-Type bypass: image/bmp
|
|
[+] Content-Type bypass: text/plain
|
|
[+] Content-Type bypass: text/html
|
|
[+] Content-Type bypass: text/xml
|
|
[+] Content-Type bypass: application/octet-stream
|
|
[+] Content-Type bypass: application/x-php
|
|
[+] Content-Type bypass: application/json
|
|
[+] Content-Type bypass: multipart/form-data
|
|
[+] Content-Type bypass: application/x-www-form-urlencoded
|
|
[+] Content-Type bypass: application/zip
|
|
[+] Content-Type bypass: application/pdf
|
|
[+] Content-Type bypass: invalid/type
|
|
|
|
============================================================
|
|
[*] 4. 文件内容绕过检测 (扩展名: .txt)
|
|
============================================================
|
|
[+] Content bypass: 纯文本
|
|
[+] Content bypass: GIF文件头
|
|
[+] Content bypass: PHP标签
|
|
[+] Content bypass: 短标签
|
|
[+] Content bypass: GIF+PHP
|
|
[+] Content bypass: PHP+GIF
|
|
[+] Content bypass: JS脚本
|
|
[+] Content bypass: HTML+PHP
|
|
[+] Content bypass: Base64编码PHP
|
|
[+] Content bypass: UTF-16 BOM + PHP
|
|
[+] Content bypass: 注释包裹PHP
|
|
[+] Content bypass: 空字节截断内容
|
|
[+] Content bypass: 超大文件
|
|
|
|
============================================================
|
|
[*] 5. 请求头与参数绕过检测
|
|
============================================================
|
|
[+] Header bypass set 1: {'User-Agent': 'Mozilla/5.0'}
|
|
[+] Header bypass set 2: {'User-Agent': 'curl/7.68.0'}
|
|
[+] Header bypass set 3: {'X-Forwarded-For': '127.0.0.1'}
|
|
[+] Header bypass set 5: {'Referer': 'http://123.60.191.166/upload.php'}
|
|
[+] Header bypass set 6: {'Authorization': 'Basic dXNlcjpwYXNz'}
|
|
[+] Header bypass set 7: {'Cookie': 'sessionid=abc123'}
|
|
|
|
============================================================
|
|
[*] 1. 探测文件扩展名
|
|
============================================================
|
|
[结论] 未发现允许的扩展名
|