Remote Code Execution
- Remote Code Execution
|| # the command in front is OK, the command behind is OK, it just runs;
| # the command in front is not OK, the command behind is OK, it can still run;
2. Use the type command to view file content; use the echo command to write a one-line web shell, even a "kitchen knife" (China Chopper) one... OK.
https://www.cnblogs.com/luffystory/p/8972162.html
----------------------------------------------------------------------------------------------------------------------------------------------
SSRF
(https://www.freebuf.com/column/194040.html)
1. Introduction: SSRF (Server-Side Request Forgery) is a security vulnerability in which an attacker constructs a request that is then initiated by the server. Under normal circumstances, SSRF targets the site's internal systems.
In plain terms: I am the client. I can reach the server, and through the server I can then reach the other subnets behind it (the client sends the server a request that is not checked for legitimacy, and the client then uses the server's identity to access other affiliated network / server resources).
2. Uses of SSRF: host scanning, port scanning https://blog.csdn.net/yeyang123_fy/article/details/44228213
File Read
Exploit
- Common places where SSRF occurs:
3. Hands-on practice:
- When a jump (URL) parameter is required, the URL is executed and the page then jumps to the specified URL; so we can collect information through this behaviour of the site.
2. Review the basic information about the site:
3. Check the ports: port 80 responds relatively quickly, other ports show a timeout. Here we take a look with Burp, but I think Burp... is inaccurate... Port 22 and port 1111 show a 200 status code, and the web page opens blank.
Using the dict command (or \\ \\\), it can pop up at the end of the page, but Burp is still useless.
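4. However, going by what the web page echoes back, or by scanning the ports with nmap, it should still be doable. It should also still be possible to read file contents with the file protocol, but no valuable or meaningful content could be viewed.
[file protocol: a protocol for viewing local files; the protocol format is shown in the figure below https://www.jianshu.com/p/70c2d9881570]
5. I still don't know how to run this with a script == I should learn to run one to see which ports are open....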