Vulfocus entry target

Command Execution Vulnerability

Vulnerability description ：

Command execution （Command Execution） Vulnerability means that hackers can directly Web Execute system commands in the application , To get sensitive information or win shell jurisdiction
The possible causes of command execution vulnerability are Web Insufficient security detection of user input commands by the server , Cause malicious code to be executed

Open the vulnerability address , Directly write out the parameters of the command execution

Visit the address , return flag

Directory traversal vulnerability

Vulnerability description :

Directory browsing vulnerability is a kind of directory traversal vulnerability , The directory browsing vulnerability is due to a configuration defect in the website , There is a directory browsable vulnerability , This will lead to the disclosure of many private files and directories on the website , For example, database backup files 、 Configuration files, etc , Using this information, an attacker can get the website permission more easily , Cause the website to be hacked .
risk ： When an attacker accesses a directory of a website , The directory does not have a default home page file or the default home page file is not set correctly , The entire directory structure will be listed , Completely expose the website structure to the attacker ;
The attacker may browse the directory structure , Access to some secret files （ Such as PHPINFO file 、 Server probe file 、 Website administrator background access address 、 Database connection files, etc ）.

Open the vulnerability address , Is similar to ftp Pages of the site

Came to tmp Under the table of contents , There is one flag( I thought it might be a fake flag, The submission was successful , A little insulting to IQ )