標籤:height special 執行 過濾 img message name level 參數
PHP Code Injection
主要代碼
1 <div id="main"> 2 3 <h1>PHP Code Injection</h1> 4 5 <p>This is just a test page, reflecting back your <a href="<?php echo($_SERVER["SCRIPT_NAME"]);?>?message=test">message</a>...</p> 6 7 <?php 8 9 if(isset($_REQUEST["message"])) //這裡接受message參數10 {11 12 // If the security level is not MEDIUM or HIGH13 if($_COOKIE["security_level"] != "1" && $_COOKIE["security_level"] != "2") //如果是low層級執行下列代碼14 {15 16 ?>17 <p><i><?php @eval ("echo " . $_REQUEST["message"] . ";");?></i></p> //直接echo message18 19 <?php20 21 }22 23 // If the security level is MEDIUM or HIGH24 else //如果不是low層級,進行echo函數過濾25 {26 ?>27 <p><i><?php echo htmlspecialchars($_REQUEST["message"], ENT_QUOTES, "UTF-8");;?></i></p>28 29 <?php30 31 }32 33 }34 35 ?>36 </div>
本人水平比較低,想到的是phpinfo(),然後直接上刀,看YouTube上的老外,直接命令執行反彈一個NC
bWAPP----PHP Code Injection
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
