信息泄露漏洞
2017-11-02 本文已影响0人
Linkingg
通过备份文件或配置文件泄露
- 一般在根目录下
1. http://www.example.com:port/.hg
2. http://www.example.com:port/robots.txt
3. http://www.example.com:port/.git/config
4. http://www.example.com:port/.svn
5. http://www.example.com:port/WEB-INF/web.xml
6. http://www.example.com:port/WEB-INF/database.properties
7. http://www.example.com:port/CVS/Root
8. http://www.example.com:port/CVS/Entries
利用工具
- 各个页面下
1. http://www.example.com/index.html(php, jsp…).bak
2. http://www.example.com/.index.html(php, jsp…)~
3. http://www.example.com/index.html(php, jsp…).rar
4. http://www.example.com/index.html(php, jsp…).zip
5. http://www.example.com/index.html(php, jsp…).7z
6. http://www.example.com/index.html(php, jsp…).tar.gz
7. http://www.example.com/.index.html(php, jsp…).swp
8. http://www.example.com/.index.html(php, jsp…).swo
9. http://www.example.com:port/.DS_store
通过协议进行泄露
- php伪协议
/index.php?f=php://filter/convert.base64-encode/resource=index.php
- file协议
/index.php?f=file://D://www/html/about.php
