File download and read

Principle, detection, exploitation, remediation

Exploitation

Download or read the database configuration file
Download or read files holding interface key information

File names, parameter values, directory symbols

read.xxx?filename=
down.xxx?filename=
readfile.xxx?file=
downfile.xxx?file=
../ ..\ .\ ./ etc.
%00 ? %23 %20 . etc.
&readpath= &filepath= &path= &inputfile= &url= &data= &readfile= &menu= META-INF= WEB-INF

1. The file is parsed: file parsing vulnerability
2. The source code is shown: file read vulnerability
3. A file download is prompted: file download vulnerability

How to get the database configuration file?
1. Use scanning tools to crawl or scan for addresses
2. Analyze the code of downloaded files for paths and file-include functions

Used in combination with calls to various protocols
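An added example, not part of the original notes: a log check that flags requests whose file-style parameters carry the directory symbols, %00, or WEB-INF / META-INF references listed above. The log lines, the .jsp handler names and the function names are constructed for illustration, and the check also unwinds nested percent-encoding, which goes slightly beyond the list.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names from the notes' list (compared case-insensitively).
FILE_PARAMS = {"filename", "file", "readpath", "filepath", "path",
               "inputfile", "url", "data", "readfile", "menu"}
# A path segment that is "." or "..", with either slash style.
DOT_SEGMENT = re.compile(r"(^|[/\\])\.{1,2}([/\\]|$)")
SENSITIVE_DIRS = ("web-inf", "meta-inf")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e%252f."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return sorted findings as (parameter, reason) for one log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = set()
    for name, raw in parse_qsl(urlsplit(match.group(1)).query):
        if name.lower() not in FILE_PARAMS:
            continue
        value = fully_decode(raw)
        if DOT_SEGMENT.search(value):
            findings.add((name, "directory-symbol"))
        if "\x00" in value:
            findings.add((name, "nul-byte"))
        if any(d in value.lower() for d in SENSITIVE_DIRS):
            findings.add((name, "sensitive-dir"))
    return sorted(findings)


# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 "GET /down.jsp?filename=report.pdf HTTP/1.1" 200',
    '192.0.2.11 "GET /down.jsp?filename=..%2f..%2fWEB-INF%2fweb.xml HTTP/1.1" 200',
    '192.0.2.12 "GET /read.jsp?file=%252e%252e%255cconf%255cdb.properties HTTP/1.1" 200',
    '192.0.2.13 "GET /readfile.jsp?file=notes.txt%00.jpg HTTP/1.1" 404',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry) or "clean", "<-", entry)
```

A 200 response on a flagged line is the case to triage first, since it suggests the handler served the requested path.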
