Shulou(Shulou.com)06/03 Report--

This article mainly explains "PHP explosion path method example explanation", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn the "PHP explosion path method examples" bar!

1. Single quotation mark burst path

Description:

Putting single quotation marks directly after the URL requires that the single quotation marks are not filtered (gpc=off) and that the server returns an error message by default.

Eg:

Www.xxx.com/news.php?id=149'

2. Error parameter value explosion path

Description:

Change the parameter value to be submitted to an error value, such as-1. Try it when the single quotation marks are filtered.

Eg:

Www.xxx.com/researcharchive.php?id=-1

3. Google explosion path

Description:

Combine keywords and site syntax to search for snapshots of error pages. Common keywords are warning and fatal error. Note that if the target site is a second-level domain name, site connects to its corresponding top-level domain name, so you get a lot more information.

Eg:

Site:xxx.edu.tw warning

Site:xxx.com.tw "fatal error"

4. Test file burst path

Description:

Many Web sites have test files in the root directory, and the script code is usually phpinfo ().

Eg:

Www.xxx.com/test.php

Www.xxx.com/ceshi.php

Www.xxx.com/info.php

Www.xxx.com/phpinfo.php

Www.xxx.com/php_info.php

Www.xxx.com/1.php

5. Phpmyadmin explosion path

Description:

Once you find the administration page of phpmyadmin, and then access some specific files in that directory, it is very likely that the physical path will be exposed. As for the address of phpmyadmin, you can scan it with tools like wwwscan, or you can choose google. PS: some BT sites are written as phpMyAdmin.

Eg:

Www.xxx.cn/phpmyadmin/themes/darkblue_orange/layout.inc.php

Www.xxx.cn/phpmyadmin/libraries/select_lang.lib.php

Www.xxx.cn/phpmyadmin/index.php?lang [] = 1

6. Find the path of the configuration file

Description:

If the injection point has file read permission, you can manually load_file or tool read the configuration file and look for path information from it (usually at the end of the file). The default paths of Web server and PHP configuration files under each platform can be looked up on the Internet. Here are a few common ones.

Eg:

Windows:

C:\ windows\ php.ini php configuration file

C:\ windows\ system32\ inetsrv\ MetaBase.xml IIS virtual host configuration file

Linux:

/ etc/php.ini php configuration file

/ etc/httpd/conf.d/php.conf

/ etc/httpd/conf/httpd.conf Apache configuration file

/ usr/local/apache/conf/httpd.conf

/ usr/local/apache2/conf/httpd.conf

/ usr/local/apache/conf/extra/httpd-vhosts.conf virtual directory configuration file

7. Nginx file type error parsing burst path

Description:

This is a method inadvertently discovered yesterday, which of course requires that the Web server is nginx and that there is a vulnerability in file type parsing. Sometimes add / x.php to the address of the picture, and the picture will not only be executed as a php file, but may also reveal the physical path.

Eg:

Www.xxx.com/top.jpg/x.php

At this point, I believe that you have a deeper understanding of the "PHP explosion path method example", might as well come to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.