Upload-labs-master-Pass-04通关教程——.htaccess绕过

1、可以查看下源码，从这里可以看到它设置了一个超级长的黑名单。

$deny_ext = array(".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf");
       

2、这里没有对 .htaccess 文件进行过滤，所以我们这样来做，在本地准备一个  .htaccess  文件。写入以下内容，这个文件的功能就是借助Apache从右到左的解析机制来解析文件。

SetHandler application/x-httpd-php

因此我们只要上传一个类似于aa.php.s34vt4esrg54e.se54vyer5h  后面随意的文件，它都能够当成  aa.php来执行

3、准备好以后上传   .htaccess

        

4、再上传准备好的php文件，但是需要加一个其他的后缀名，此时可以直接上传

                 

5、访问