{"provider_name":"Hatena Blog","author_name":"demandosigno","author_url":"https://blog.hatena.ne.jp/demandosigno/","categories":["Web Security Academy","PortSwigger","\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u4e0d\u5099","\u9069\u5207\u3067\u306a\u3044\u30a2\u30c3\u30d7\u30ed\u30fc\u30c8\u30d5\u30a1\u30a4\u30eb\u5236\u9650","WebShell"],"image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/d/demandosigno/20251105/20251105230517.png","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fwww.demandosigno.study%2Fentry%2F2025%2F11%2F05%2F231757\" title=\"\u30dd\u30ea\u30b0\u30ed\u30c3\u30c8Web Shell \u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306b\u3088\u308b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c - demandosigno\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","url":"https://www.demandosigno.study/entry/2025/11/05/231757","blog_url":"https://www.demandosigno.study/","published":"2025-11-05 23:17:57","height":"190","title":"\u30dd\u30ea\u30b0\u30ed\u30c3\u30c8Web Shell \u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306b\u3088\u308b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c","type":"rich","description":"26 of 35 \u30e9\u30dc https://portswigger.net/web-security/learning-paths/file-upload-vulnerabilities/flawed-validation-of-the-file-s-contents/file-upload/lab-file-upload-remote-code-execution-via-polyglot-web-shell-upload 1. \u30c7\u30d5\u30a9\u30eb\u30c8\u30ea\u30af\u30a8\u30b9\u30c8 POST /my-account/avatar HTTP/2 Host: 0a6700fc03049b368000217e001d00ed.web\u2026","provider_url":"https://hatena.blog","version":"1.0","blog_title":"demandosigno","width":"100%"}