The truncation method must be used for processing.
The detailed process is as follows:
1. Submit a normal image upload (preferably a simple one-sentence Trojan horse).
2. Capture the packet, copy the POST data, and save it as a txt file.
3. Edit the packet in hexadecimal format and add 00.
4. Resubmit the packet. nc (netcat) is the most primitive and most effective tool.
For path truncation, there are two possible places: the path and the file name. Next, let's try both.
Here, with reference to the mobile network upload vulnerability, take the upload of a CMS:
Upfile.asp?Formname=form1&editname=tp&uppath=images/upfile&filelx=jpg
1. Operate on the custom save path. For example, change uppath=images/upfile to uppath=images/upfile/1.asp%00.
2. Change the file name. If the file name is 1.jpg, change it to 1.asp000000.jpg.
The specific method is the same as above (not repeated here).
Note: As mentioned above, %00 cannot be typed directly in a text editor. It refers to the 00 byte entered with a hexadecimal editing tool.
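On the server side, both truncation points above (the uppath parameter and the file name) are closed by refusing any 00 byte and by never building the save path from client input. The following is an added example, not code from the original page or from the CMS it mentions; it is written in Python rather than ASP, and the names ALLOWED_DIRS, ALLOWED_EXT and safe_destination are assumptions.

```python
import os
import secrets
from urllib.parse import unquote

ALLOWED_DIRS = {"images/upfile"}                 # save path taken from the page's URL
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}  # assumed image allowlist


class RejectedUpload(ValueError):
    """Raised when a client-supplied path or name must not be used."""


def _clean(value):
    # Decode once more so a still-encoded %00 is caught as well as a raw
    # 0x00 byte, then refuse every control character.
    decoded = unquote(value)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise RejectedUpload("control byte in %r" % value)
    return decoded


def safe_destination(uppath, filename):
    """Return the path to save under, or raise RejectedUpload."""
    directory = _clean(uppath).replace("\\", "/").rstrip("/")
    # The client may only pick a directory from the fixed allowlist.
    if directory not in ALLOWED_DIRS:
        raise RejectedUpload("save path not allowed: %r" % directory)
    # Drop any directory part the client put in the file name.
    name = os.path.basename(_clean(filename).replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXT:
        raise RejectedUpload("extension not allowed: %r" % ext)
    # The stored name is generated server-side; only the checked
    # extension survives from the client's input.
    return "%s/%s%s" % (directory, secrets.token_hex(16), ext)


def is_rejected(uppath, filename):
    """True when safe_destination refuses the pair."""
    try:
        safe_destination(uppath, filename)
    except RejectedUpload:
        return True
    return False
```

The extension check alone does not stop truncation, because a name ending in .jpg passes it while the file system call stops at the 00 byte; the control-byte check and the server-generated name are what remove the mismatch.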