Shulou(Shulou.com)06/01 Report--

1. Introduction of parsing vulnerabilities

IIS6 parsing vulnerabilities (1.asp directory, cer, etc. Suffix, semicolon)

Apache parsing vulnerability (htaccess,1.php.x)

IIS7 and nginx parsing vulnerabilities (a.com/logo.png/1.php)

2, various ways to bypass upload.

Truncate upload

Path modification

Case bypass

Injection bypass

File header spoofing

1. White list truncated 1.asp%1.jpg

To truncate the upload is to add a space and change the hex to 00. You can upload a pony first

2.fck upload version 2.6.1 iis parsing has been invalidated

Vulnerability: in fck management, we can create an asp folder and then upload an asp file

Vulnerability: through secondary upload

You can break through 1.aspgif by truncating two uploads, and you can change the code. In burp, convert selection- > URL- > URL-decode

3. If you are constructing the form yourself, grab it with a grab bag. Post and cookie are useful to us. (you can use Ming Boy's power to upload)

4.PHPCMS 0day upload create a new t folder, create a b folder in the t folder, and create a * * 1.php in the folder. Then compressed into zip format, upload can be broken. Click the picture on the right to find the way, plus your path is.. / t/b/1.php

5.burp breaks through fck Apache environment

1.php.jpg (truncation) 1.php abcdxxxx111.php.jpg (the local place is the same, and this sentence must be added to the post header and executed at the same time, it is possible to succeed)

6. Construct upload form to upload

If you find a upload that doesn't work, we can find an upload form from Baidu and mainly change the action there.

Filedata replaces a function with upload.

Then use burp (111111.php.jpg) (1111.php.jpg) (1111.saa)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.