
32: Web vulnerability - full solution of file download and read in file operation

2021-01-23 20:20:28 September to September

File download and read

Principle, detection, exploitation, remediation

Exploitation

 Download or read the database configuration file
 Download or read files containing interface key information

File names, parameter values, directory symbols

read.xxx?filename=
down.xxx?filename=
readfile.xxx?file=
downfile.xxx?file=
../ ..\ .\ ./  etc. 
%00 ? %23 %20 . etc. 
&readpath=  &filepath=  &path=  &inputfile=  &url=  &data=  &readfile=  &menu=  META-INF=  WEB-INF
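The parameter names and symbols listed above can also drive detection on the server side. The following is an added example, not code from the original article: it flags access-log requests in which one of the listed file parameters carries a directory symbol, a truncation character, or a `WEB-INF`/`META-INF` path. The log format, the sample lines and the finding labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names from the list above (assumption: matched case-insensitively).
FILE_PARAMS = {"filename", "file", "readpath", "filepath", "path", "inputfile",
               "url", "data", "readfile", "menu"}
# Value patterns from the list above, checked after URL decoding.
CHECKS = {
    "directory symbol": re.compile(r"\.{1,2}[/\\]"),
    "truncation character": re.compile(r"\x00|[#?]|[ .]$"),
    "WEB-INF/META-INF path": re.compile(r"(META|WEB)-INF", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_url(url):
    """Return sorted (param, reason) pairs for file parameters with suspicious values."""
    findings = set()
    # parse_qsl URL-decodes each value once, so %2F, %00 and %23 are seen as / NUL #.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() not in FILE_PARAMS:
            continue
        for reason, pattern in CHECKS.items():
            if pattern.search(value):
                findings.add((name, reason))
    return sorted(findings)

def scan_log(lines):
    """Map 1-based line numbers to findings for access-log lines that match."""
    hits = {}
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and (found := inspect_url(match.group(1))):
            hits[number] = found
    return hits

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Jan/2021:20:20:28 +0000] "GET /down.xxx?filename=report.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - - [23/Jan/2021:20:21:02 +0000] "GET /down.xxx?filename=..%2F..%2Fconf%2Fdb.conf HTTP/1.1" 200 312',
    '10.0.0.9 - - [23/Jan/2021:20:21:40 +0000] "GET /readfile.xxx?file=WEB-INF%2Fweb.xml HTTP/1.1" 200 2048',
    '10.0.0.9 - - [23/Jan/2021:20:22:15 +0000] "GET /read.xxx?filename=notes.txt%00.jpg HTTP/1.1" 200 90',
    '10.0.0.7 - - [23/Jan/2021:20:23:00 +0000] "GET /index.xxx?page=2&q=..%2F HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG).items():
        print(number, found)
```

Matches are triage signals rather than proof: a legitimate `url=` value can contain `?`, so review each hit together with the response size and status.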

1. The file is parsed: file parsing vulnerability
2. The source code is shown: file read vulnerability
3. A file download is prompted: file download vulnerability

How to get the database configuration file?
	1. Use scanning tools to crawl or scan for addresses
	2. Analyze the code of the downloaded files for paths and file-include functions

Used in combination with calls to various protocols

Copyright notice
This article was written by [September to September]. Please include a link to the original when reposting. Thank you.
https://chowdera.com/2021/01/20210123202008486e.html
