In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
1. Introduction of parsing vulnerabilities
IIS6 parsing vulnerabilities (1.asp directory, cer, etc. Suffix, semicolon)
Apache parsing vulnerability (htaccess,1.php.x)
IIS7 and nginx parsing vulnerabilities (a.com/logo.png/1.php)
2, various ways to bypass upload.
Truncate upload
Path modification
Case bypass
Injection bypass
File header spoofing
1. White list truncated 1.asp%1.jpg
To truncate the upload is to add a space and change the hex to 00. You can upload a pony first
2.fck upload version 2.6.1 iis parsing has been invalidated
Vulnerability: in fck management, we can create an asp folder and then upload an asp file
Vulnerability: through secondary upload
You can break through 1.aspgif by truncating two uploads, and you can change the code. In burp, convert selection- > URL- > URL-decode
3. If you are constructing the form yourself, grab it with a grab bag. Post and cookie are useful to us. (you can use Ming Boy's power to upload)
4.PHPCMS 0day upload create a new t folder, create a b folder in the t folder, and create a * * 1.php in the folder. Then compressed into zip format, upload can be broken. Click the picture on the right to find the way, plus your path is.. / t/b/1.php
5.burp breaks through fck Apache environment
1.php.jpg (truncation) 1.php abcdxxxx111.php.jpg (the local place is the same, and this sentence must be added to the post header and executed at the same time, it is possible to succeed)
6. Construct upload form to upload
If you find a upload that doesn't work, we can find an upload form from Baidu and mainly change the action there.
Filedata replaces a function with upload.
Then use burp (111111.php.jpg) (1111.php.jpg) (1111.saa)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.