First, path disclosure with a single quote
As when testing for SQL injection, append a single quote to the parameter.
http://localhost/news.php?id=100'
Second, path disclosure with an invalid parameter value
If the first method triggers the WAF, an incorrect parameter value may still make the site disclose its path.
Such as:
http://localhost/news.php?id=-1
http://localhost/news.php?id=oSxMa
Third, using search engines
Search engine query syntax may turn up the site's path, such as:
site:baidu.com warning
site:baidu.com "fatal error"
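The three methods above all depend on PHP error text reaching the browser. As an added example (not part of the original page), a site owner can scan their own responses for that text; the sample bodies and function names below are constructed for illustration.

```python
import html
import re

TAG = re.compile(r"<[^>]+>")
# PHP error text once HTML tags are stripped:
#   "Warning: <message> in /abs/path/file.php on line 12"
#   "Fatal error: Uncaught ... in C:\abs\path\file.php:7"
PHP_ERROR = re.compile(
    r'(?P<level>Warning|Notice|Deprecated|Parse error|Fatal error)\s*:\s+'
    r'.*?\s+in\s+'
    r'(?P<path>(?:[A-Za-z]:\\|/)[^\s:*?"<>|]+?\.\w+)'
    r'(?:\s+on\s+line\s+|:)(?P<line>\d+)',
    re.S,
)


def find_path_leaks(body):
    """Return (level, absolute_path, line) for each PHP error in a response body."""
    text = html.unescape(TAG.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]


def audit(responses):
    """Map each response label to its leaks, omitting clean responses."""
    found = {label: find_path_leaks(body) for label, body in responses.items()}
    return {label: leaks for label, leaks in found.items() if leaks}


# Constructed sample response bodies (not captured from a real site).
SAMPLES = {
    "linux_warning": (
        "<br />\n<b>Warning</b>:  mysql_fetch_array() expects parameter 1 to be "
        "resource, boolean given in <b>/var/www/html/news.php</b> "
        "on line <b>12</b><br />"
    ),
    "windows_fatal": (
        "<b>Fatal error</b>:  Uncaught Error: Call to undefined function show() "
        r"in C:\phpStudy\www\news.php:7"
    ),
    "clean": "<html><body><p>Article not found.</p></body></html>",
}

if __name__ == "__main__":
    for label, leaks in audit(SAMPLES).items():
        for level, path, line in leaks:
            print(f"{label}: {level} discloses {path} (line {line})")
```

A non-empty result means PHP errors are being displayed on that page; setting display_errors = Off and log_errors = On in php.ini keeps the same messages in the server log instead of the response.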
Fourth, obtaining the path from test files
Sites built with packages such as XAMPP or phpStudy often leave some test files behind, such as:
/test.php
/ceshi.php
/info.php
/phpinfo.php
/php_info.php
/1.php
/l.php
/x.php
Fifth, obtaining the path from configuration files
If the injection point has permission to read files, the load_file function can read the configuration files, which contain the path information.
Windows configuration files:
c:\windows\php.ini (PHP configuration file)
c:\windows\system32\inetsrv\MetaBase.xml (IIS virtual host configuration file)
Linux configuration files:
/etc/php.ini (PHP configuration file)
/etc/httpd/conf.d/php.conf
/etc/httpd/conf/httpd.conf (Apache configuration file)
/usr/local/apache/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache/conf/extra/httpd-vhosts.conf (virtual directory configuration file)
XAMPP configuration files:
C:\xampp\htdocs (XAMPP file path)
C:\xampp\apache\conf/httpd.conf (httpd.conf configuration file)
C:\xampp\apache\conf\extra\httpd-vhosts.conf (vhosts.conf virtual host configuration)
PHPnow configuration files:
D:\PHPnow-1.5.6\htdocs (site default path)
D:\PHPnow-1.5.6\Apache-20\conf\httpd.conf (httpd.conf configuration file)
D:\PHPnow-1.5.6\Apache-20\conf\extra\vhosts.conf (vhosts.conf virtual host configuration)
phpStudy configuration files:
C:\phpstudy\www (site default path)
C:\phpStudy\Apache\conf\httpd.conf (httpd.conf configuration file)
C:\phpStudy\Apache\conf\extra\httpd-vhosts.conf (vhosts.conf virtual host configuration)
LAMPP configuration files:
/opt/lampp/htdocs (site default path)
/opt/lampp/etc/httpd.conf (httpd.conf configuration file)
/opt/lampp/etc/extra/httpd-vhosts.conf (vhosts.conf virtual host configuration)
Sixth, path disclosure through the nginx file-type parsing error
This requires that the web server is nginx and that the file-type parsing vulnerability is present. Sometimes, when /x.php is appended to the address of a picture, the picture is not only executed as a PHP file; the physical path may also be disclosed.
http://localhost/top.jpg/x.php
Seventh, phpMyAdmin path disclosure
/phpmyadmin/themes/darkblue_orange/layout.inc.php
Eighth, using a remote code execution vulnerability
For example, if the argument to the eval() function is controllable, phpinfo() can be passed in directly, and the web absolute path can be read from the Document_Root parameter on the phpinfo page.
Ninth, other
Other cases, such as the path disclosure vulnerabilities in whole-site programs like dedecms and phpwind, are relatively complex and are not universal.