Intended: SQLi to write a webshell, combined with a MySQL trick (using @ in the path to specify the port -> WebDAV via HTTP) to access the webshell through a UNC path (load_file('\\\\localhost:8080/shell.php'))
Some notes
When a UNC path is navigated to, the protocol used depends on your provider order. The default Windows configuration attempts SMB first and, if that is unavailable, then attempts WebDAV. Here is the result of running:
net use \\173.xxx.xxx.xxx\sdfsdfsdf
The computer first tries to connect over port 445. It then tries to connect over port 139. After failing on both, it eventually attempts WebDAV over port 80. But when a port is specified with the @ symbol, it will always attempt WebDAV via HTTP, regardless of port. It will not attempt to connect via the SMB protocol.
Back to the challenge
Besides \\\\, // also works
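A detection sketch for the notes above, as an added example that is not part of the original writeup: it scans SQL statements for UNC paths in both the \\\\ and // forms and reports which ones carry an @port host and therefore go to WebDAV over HTTP only. The log lines and the names scan, protocol_order and loopback_webdav are constructed for illustration.

```python
import re

# \\host[@port]\... or //host[@port]/...; SQL string literals double each
# backslash, so a run of two or more is accepted. The lookbehind skips the
# "//" inside URLs such as http://example.com.
UNC_RE = re.compile(
    r"(?<![:\\/\w])(?:\\{2,}|//)"
    r"(?P<host>[A-Za-z0-9._-]+)(?:@(?P<port>\d{1,5}))?[\\/]"
)
LOOPBACK = {"localhost", "127.0.0.1"}

def protocol_order(port):
    """Connection attempts for a UNC path, as described in the notes above."""
    if port is None:
        return ["SMB/445", "SMB/139", "WebDAV-HTTP/80"]
    return [f"WebDAV-HTTP/{port}"]  # @port: SMB is never tried

def scan(statements):
    """Return one finding per UNC path found in the given SQL statements."""
    findings = []
    for lineno, stmt in enumerate(statements, 1):
        for m in UNC_RE.finditer(stmt):
            port = m.group("port")
            findings.append({
                "line": lineno,
                "host": m.group("host"),
                "port": int(port) if port else None,
                "attempts": protocol_order(port),
                # Database host fetching from an HTTP service on itself
                "loopback_webdav": port is not None
                                   and m.group("host").lower() in LOOPBACK,
            })
    return findings

# Constructed query-log lines (not taken from the challenge).
SAMPLE_LOG = [
    r"SELECT load_file('\\\\fileserver\\share\\report.txt')",
    r"SELECT load_file('\\\\localhost@8080/shell.php')",
    r"SELECT load_file('//localhost@8080/shell.php')",
    r"SELECT 'see http://example.com/docs'",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```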
Unintended: file read through Windows shortened path names