Summary:
example1: http://192.168.91.139/xml/example1.php?xml=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%3C%21DOCTYPE%20UserInfo%5B%3C%21EN [Read more]
posted @ 2016-07-22 16:18
Bypass
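Summary:
Example 1: Entering a single quote triggers an error that reveals the physical path. Sensitive information can be read via ../../../../etc/passwd. Local or remote files can be included: https://assets.pentesterlab.com/test_include.txt Example 2: Adding a single quote triggers an error, which shows that after the received parameter [Read more]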
posted @ 2016-07-22 15:57
Bypass
