1, Path disclosure with a single quote
Description:
Append a single quote directly after the URL. This requires that single quotes are not filtered (gpc = off) and that the server returns error messages by default.
Eg:
www.xxxxxx.com/news.php?id=149'
2, Path disclosure with an invalid parameter value
Description:
Change the value of the submitted parameter to an invalid value, such as -1. Try this when single quotes are filtered.
Eg:
www.xxxxxxxxx.com/researcharchive.php?id=-1
3, Path disclosure via Google
Description:
Combine keywords with the site: search syntax to find cached error pages; common keywords are warning and fatal error. Note that if the target site is a second-level domain, running the site: search against the corresponding top-level domain returns much more information.
Eg:
Site:xxx.edu.tw warning
Site:xxx.com.tw "fatal error"
4, Path disclosure via test files
Description:
Many sites have test files in the web root directory, and the script code in them is usually phpinfo().
Eg:
www.xxxxxx.com/test.php
www.xxxxxx.com/ceshi.php
www.xxxxxx.com/info.php
www.xxxxxx.com/phpinfo.php
www.xxxxxxx.com/php_info.php
www.xxxxxxx.com/1.php
5, Path disclosure via phpMyAdmin
Description:
Once a phpMyAdmin management page is found, accessing certain files in that directory is likely to disclose the physical path. The phpMyAdmin address can be found by scanning with a tool such as wwwscan, or with Google. PS: some sites write the directory name as phpMyAdmin.
Eg:
www.xxxxxxxx.cn/phpmyadmin/themes/darkblue_orange/layout.inc.php
www.xxxxxxxxx.cn/phpmyadmin/libraries/select_lang.lib.php
www.xxxxxxxxx.cn/phpmyadmin/index.php?lang[]=1
6, Finding the path in configuration files
Description:
If the injection point has permission to read files, the configuration file can be read manually with load_file or with a tool, and the path information can then be found in it (usually at the end of the file). The default paths of the web server and PHP configuration files on each platform can be found by searching the Internet; a few common ones are listed here.
Eg:
Windows:
c:\windows\php.ini php configuration file
c:\windows\system32\inetsrv\MetaBase.xml IIS virtual host configuration file
Linux:
/etc/php.ini php configuration file
/etc/httpd/conf.d/php.conf
/etc/httpd/conf/httpd.conf Apache configuration file
/usr/local/apache/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache/conf/extra/httpd-vhosts.conf virtual directory configuration file
7, Path disclosure via the nginx file-type parsing error
Description:
I discovered this method by accident yesterday. It requires that the web server is nginx and that it has the file-type parsing vulnerability. Sometimes, when /x.php is appended to the address of a picture, the picture is not only executed as a PHP file but the physical path may also be disclosed.
Eg:
www.xxxxxxxx.com/top.jpg/x.php
8, Other
Others, such as the path disclosure vulnerabilities in whole-site programs like dedecms and phpwind, are relatively complex and are not universal.
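
Seen from the server side, the requests in items 1, 2, 4, 5 and 7 leave recognisable entries in the access log. The following Python scanner is an added example, not part of the original list; it assumes the common "combined" log format, and the rule names, the two-rule threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Rule names are this example's own; the patterns mirror items 1, 2, 4, 5 and 7.
RULES = [
    ("quote-in-param", "query", re.compile(r"'")),
    ("negative-value", "query", re.compile(r"(?:^|&)[^=&]+=-\d+(?:&|$)")),
    ("array-param", "query", re.compile(r"(?:^|&)[^=&\[]+\[\]=")),
    ("test-file", "path",
     re.compile(r"/(?:test|ceshi|info|phpinfo|php_info|1)\.php$", re.I)),
    ("phpmyadmin-internal", "path",
     re.compile(r"/phpmyadmin/(?:themes|libraries)/.+\.php$", re.I)),
    ("image-as-php", "path", re.compile(r"\.(?:jpe?g|png|gif)/[^/]+\.php$", re.I)),
]
# Assumed log layout: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the names of all rules matched by one request target."""
    parts = urlsplit(target)
    fields = {"path": unquote(parts.path), "query": unquote(parts.query)}
    return [name for name, field, rx in RULES if rx.search(fields[field])]

def scan(lines, min_rules=2):
    """Map client IP -> sorted rule names, for clients matching >= min_rules rules."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            hits[m.group(1)].update(classify(m.group(2)))
    return {ip: sorted(r) for ip, r in hits.items() if len(r) >= min_rules}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=149%27 HTTP/1.1" 500 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /phpinfo.php HTTP/1.1" 404 162',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpmyadmin/index.php?lang[]=1 HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "GET /top.jpg/x.php HTTP/1.1" 200 77',
    '198.51.100.20 - - [01/Jan/2024:10:01:00 +0000] "GET /news.php?id=149 HTTP/1.1" 200 4096',
    '198.51.100.20 - - [01/Jan/2024:10:01:02 +0000] "GET /top.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE).items():
        print(ip, ", ".join(rules))
```

The negative-value rule also matches legitimate negative numbers, which is why scan() reports a client only after it has matched several distinct rules.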