{"title":"[Paid trial version] PortSwigger LAB walkthrough: Remote code execution via polyglot web shell upload","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2025%2F08%2F15%2F072054\" title=\"\u3010\u6709\u6599\u8a66\u4f5c\u7248\u3011PortSwigger LAB\u89e3\u8aac\uff1aRemote code execution via polyglot web shell upload - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","image_url":null,"height":"190","published":"2025-08-15 07:20:54","provider_name":"Hatena Blog","description":"Hello there, ('\u03c9')\u30ce Goal This LAB exploits a mismatch between validation and execution: the file upload function only checks that the file \"looks like a valid image\", while the server interprets the .php extension as code. Embedding PHP code in an image as an EXIF comment makes the file a polyglot (multi-language) file that is both \"a valid image\" and \"executable as PHP\". Overview (story first) Log in (wiener:peter). Upload a plain exploit.php as the avatar and confirm that it is blocked. Embed PHP in an image as an EXIF comment, \u2026","width":"100%","blog_title":"Shikata Ga Nai","categories":["Web Security Academy","File upload"],"blog_url":"https://cysec148.hatenablog.com/","type":"rich","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","author_name":"ThisIsOne","url":"https://cysec148.hatenablog.com/entry/2025/08/15/072054","provider_url":"https://hatena.blog","version":"1.0"}