Infiltration learning diary day19

Here I added waf Knowledge

Combined with the safety dog learned before , I've seen a lot of simulated interview answers

1. Inline comments The first kind /*！ The second kind /*！ Add numbers , If it is greater than （ Still less than ）mysql Version number of , The annotated statements here can also be used

2. Run keyword dictionary , Then run keyword combinations

3. Parameter pollution , False comment

Upload files ：

1. The front-end verification can be passed directly burp Repackage , First upload his limited format , Then change the package to the suffix we want to write
2.content-type, through burp Repackage ,content-type This is based on the different content we upload type The type will change , But it can also be in burp Modify it into the format specified in

Blacklist detection ： Write the suffix that is not allowed to upload in the array to match

Bypass ：

upload-labs Methods that appear in

Add . .（ Dot space dot ）

Double write after the suffix ::$DATA

.htaceess File attack

.htaccess Two conditions for the successful operation of files as local variables

1.Allow Override All

2.LoadMoudule rewrite_module modules/mod_rewrite.so#rewrite The module is on

If you don't know which configuration file the above module is in , It can be used phpstorm open phpstudy File global search （ctrl+shift+F）

  Implementation method

Create a new one .htaccess Name the file , Then add

<FilesMatch " A name ">

SetHandler application/x-httpd-php

</FilesMatch>

Then create a new one named above under this path .txt Text , Join in php The code can be parsed successfully

Add a link ： 

​​​​​​​.htaccess Detailed explanation of file parsing vulnerability