Home > Cloud Computing > Cloud Security

Use the remote image storage function for SHELL Analysis

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Use remote storage to organize the Getshell logic. Ewebeditor is quite simple to use SHELL, but sometimes it finds that uploading and modifying cer, cdx, asa, php, and Other types are not good. The webmaster may have handled some security risks, improper modification is also possible. Or deleted. (It seems that the image is deleted, and the remote image saving function cannot be used. Here we will talk about the ideas ). Prepare a pony and upload it to the Web environment that does not support ASP (the target site supports asp). After obtaining the Url of the file, edit the following example at http://www.test.com/1.asp.to Save the suffix of asaon remotely. (The remote upload part is rarely modified .) All right, preview the style, and fill in your asp pony address in the editor. Remember that your asp will never be parsed. Open the pony url to display the complete pony source code. Otherwise, the remote ASP host parses the ASP code into HTML code, and the files downloaded by the host are useless. We recommend that you upload the plug-in that supports ASP to a linux server. Click "Save remotely". By default, your horse will be uploaded to the previusfile directory of the target site.

Another convenient version for remote upload defects [recommended]:
To prevent any script program from being explained by the web server, choose HFS. HFS, a remote file sharing software, is not detailed here. It does not parse any script files. If a website written in PHP has a remote image storage function, it is directly stored on the host without the extension of remote files filtered. Today, I met a remote image storage site, which does not determine the remote file type. However, most of these sites still exist. Use HFS to share t. php (a pony. For example, http: // localhost: 8080/1. php. It is best to use one sentence to wait for a small server. When the file is large, problems may occur when the file is uploaded. Enter http: // localhost: 8080/1. php on the target site and save it remotely. If the download is successful, hfs returns some download information.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More