Penetration Testing Basics: Directory Traversal

Directory Traversal

192.168.203.128/test/mlbl.php?path=/

Input supplied through the path parameter is what performs the directory traversal.

Where the vulnerability arises

A website offers file downloads: the files are stored on the server, and the site's script code reads the requested file back out of that directory and returns it to the page. If no validation is performed on the requested name, a directory traversal vulnerability results.

Bypass techniques (from an expert's article: https://www.cnblogs.com/s0ky1xd/p/5823685.html ):

  1. Encoded parameter passing
    Some web applications encode the file name before it is submitted, for example: downfile.jsp?filename=ZmFuLnBkZg - here the filename parameter is Base64-encoded. To get around this, an attacker only needs to Base64-encode the desired file name and submit it. So using a regular or easily recognizable encoding scheme is also risky.
  2. Encoding bypass
    Try different encodings to get past the filter, such as URL encoding: submitting the parameter URL-encoded, downfile.jsp?filename=%66%61%6E%2E%70%64%66, bypasses it.
  3. Directory restriction bypass
    Some web applications rely on directory permissions to separate what may be read. Of course, this is not a reliable defense: an attacker can bypass it with special symbols such as ~, with a submission of the form downfile.jsp?filename=~/../boot. If such a symbol gets through, it allows jumping directly to a directory on the disk.
  4. Bypassing the file extension filter
    Some web applications check the extension of the submitted file name before reading the file; an attacker can place a null byte in the file name to bypass this kind of file-type check.
    For example: ../../../../boot.ini%00.jpg. The API used by the web application accepts a string containing a null character, but when the file name is actually used, the system API truncates it at the null byte, and it resolves to ../../../../boot.ini.
    A URL-encoded line feed can also be used on Unix-like systems, for example ../../../etc/passwd%0a.jpg: if the file name handed to the file system contains a line break, the file name is truncated there. %20 can also be tried, for example: ../../../index.jsp%20
  5. Bypassing origin verification
    HTTP Referer: the Referer is part of the HTTP header; when the browser sends a request to the web server, it usually carries a Referer that tells the server which page the link came from
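As an added example (not code from the original notes or the linked article), here is a download-handler resolver written against the bypass list above; the base directory, function names and sample requests are constructed for illustration. Each listed trick fails the same way: decode once, reject control characters and separators, then canonicalize and check containment.

```python
import os
from base64 import b64decode
from typing import Dict, Optional
from urllib.parse import unquote

# Assumed download root (not from the original notes); any directory works the same way.
BASE_DIR = os.path.realpath("/srv/downloads")


def resolve_download(filename: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Map a client-supplied filename to a path inside base_dir, or None to refuse it."""
    # Decode exactly once: a second unquote() would turn %2500 into a null byte later.
    name = unquote(filename)
    # Null byte (%00), line feed (%0a) and trailing space (%20) truncation tricks.
    if any(ord(c) < 0x20 or c == "\x7f" for c in name) or name != name.strip():
        return None
    # Only a bare filename is acceptable: no separators, no ~, no dot segments.
    if not name or "/" in name or "\\" in name or name.startswith("~") or name in (".", ".."):
        return None
    # Canonicalize (this also follows symlinks) and confirm containment in base_dir.
    candidate = os.path.realpath(os.path.join(base_dir, name))
    if os.path.commonpath([base_dir, candidate]) != base_dir:
        return None
    return candidate


def resolve_base64_download(encoded: str) -> Optional[str]:
    """Base64 hides the name from casual view but is not a control: the decoded
    value gets exactly the same validation as a plain one."""
    try:
        padded = encoded + "=" * (-len(encoded) % 4)
        name = b64decode(padded, validate=True).decode("utf-8")
    except ValueError:  # bad alphabet, bad padding or non-UTF-8 bytes
        return None
    return resolve_download(name)


# Constructed sample requests, taken from the bypass list in the notes above.
SAMPLE_REQUESTS = [
    "fan.pdf",
    "%66%61%6E%2E%70%64%66",            # URL-encoded fan.pdf: still a plain filename
    "~/../boot",
    "../../../../boot.ini%00.jpg",
    "../../../etc/passwd%0a.jpg",
    "../../../index.jsp%20",
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",  # encoded dot segments and separators
]


def accepted(requests=SAMPLE_REQUESTS) -> Dict[str, bool]:
    """Which requests would be served; only the two plain filenames should be True."""
    return {r: resolve_download(r) is not None for r in requests}
```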

Another form of directory traversal

A misconfigured web server that exposes directory listings

index of /

Search-engine syntax for finding directory listing (directory traversal) exposures

intitle:index of

These are just study notes; where the content is incomplete, it will be supplemented later as needed.


Source: www.cnblogs.com/r0ckysec/p/11529177.html