zoukankan      html  css  js  c++  java
  • 思路

    偶然,发现https://www.17xwg.com

    一下是我的蛛丝马迹:

    1.https://www.17xwg.com/content-11-798-1.html#comment_iframe      #号的利用

    2.https://www.17xwg.com/rebots。txt

    #
    # robots.txt for PHPCMS v9
    #
    User-agent: * 
    allow: /sitemaps.xml
    Disallow: /caches
    Disallow: /phpcms
    Disallow: /install
    Disallow: /phpsso_server
    Disallow: /api
    Disallow: /admin.php

    3.
    https://www.17xwg.com/bdunion.txt
    09c34f67a8c9bcb9a111df10c43c9e02

    https://www.17xwg.com/log.txt
    返回大量值

    4.验证码验证一直失败的原因
    <label>验证码</label>
    <input class="login_input" type="text" size="4" name="code">
     
    <span>
    <img id="code_img" src="http://admwg.17xwg.com/phpsso_server/api.php?op=checkcode&code_len=4&font_size=14&width=84&height=24&font=&font_color=&background=" onclick="this.src=this.src+"&"+Math.random()">
    </span>

    5.https://www.17xwg.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=662dCAZSAwgFUlUJBAxbVQJXVghTWVQHVFMEV1MRX11cBFMKBFMGHkUROlhBTVFuW1FJBAUVBwIXRlgeERUHQVlIUVJAA0lRXABSQEwNXAhZVl5V
    返回 0
    包括https://www.17xwg.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=662dCAZSAwgFUlUJBAxbVQJXVghTWVQHVFMEV1MRX11cBFMKBFMGHkUROlhBTVFuW1FJBAUVBwIXRlgeERUHQVlIUVJAA0lRXABSQEwNXAhZVl5V

    返回 aaaaa()

    6.https://zhuanlan.zhihu.com/p/26263513
    exp脚本转发的利用

    7.https://blog.csdn.net/wodafa/article/details/70596538
    别人实战经验

    8.https://www.secpulse.com/archives/30536.html

     设计缺陷可获取phpsso_auth_key(可用于sql注入等)

    uid=x&ps_auth_key=phpsso_auth_key



  • 相关阅读:
    Codeforces 231E
    Practice 15.07.07 计算几何
    Codeforces 552E
    Topcoder SRM 661 (Div.1) 250 MissingLCM
    HDU 4971
    Codeforces Round #306 (Div. 2)
    URAL 1988
    URAL 2032
    ServiceStack.Ormlit 事务
    ServiceStack.Ormlit 使用Insert的时候自增列不会被赋值
  • 原文地址:https://www.cnblogs.com/klsfct/p/9222518.html
Copyright © 2011-2022 走看看