The file information in the data field is in the base64 encoded format, but it contains a large number of \r\n which prevents us from decoding it directly. We can delete all \r\n'through js'.
Open Google Chrome Tour
Open a console
Enter the following code
a = "$data string"
a.replaceAll('\r\n', '')
演示将上面代码进行转化
The demonstration transforms the above code
将转化后的数据进行 base64 转码 我使用的是 Google Chrome 插件 FeHelper
Transcoding the converted data base64 I'm using the Google ChromePlug-inFeHelper
The text was updated successfully, but these errors were encountered:
nbnbk 存在任意文件读取
Nbnbk has an arbitrary file read vulnerability
通过修改
url参数来读取文件,来看返回数据。Return data by modifying the
urlparameter to read the file.文件信息在
data字段中,是base64编码的格式,但其中包含了大量的\r\n导致我们没法直接解码。我们可以通过js去将所有\r\n删掉。The file information in the
datafield is in thebase64encoded format, but it contains a large number of\r\nwhich prevents us from decoding it directly. We can delete all\r\n'throughjs'.演示将上面代码进行转化
The demonstration transforms the above code
将转化后的数据进行
base64转码 我使用的是Google Chrome插件FeHelperTranscoding the converted data
base64I'm using theGoogle ChromePlug-inFeHelperThe text was updated successfully, but these errors were encountered: