Thinkphp5 log file contains trick
2022-06-30 14:20:00 【Ff. cheng】
Preface
ThinkPHP5 log file inclusion trick: a way of turning the framework's log files into a file inclusion primitive.
Environment
ThinkPHP 5.0.24 (a version where the variable-overwrite RCE is fixed; forced routing is not enabled, and the version is not affected by the routing RCE)
app_debug is not enabled
Preconditions
- The log path is known
- An inclusion point exists
Analysis
Write a method in the controller that triggers an error. PHP code passed in through the URL turns out to be URL-encoded when it is written to the log.

Follow the log-related functions.

Four related functions are analysed:
ip:

ip can be taken from XFF (X-Forwarded-For), HTTP_CLIENT_IP, REMOTE_ADDR and so on, but a validity check comes last: ip2long returns false for an invalid ip, and the ip is then set to 0.0.0.0.
method:

There is no filtering here, but the value finally returned is HTTP_X_HTTP_METHOD_OVERRIDE converted to upper case.
host:

Returns HTTP_X_REAL_HOST directly.
url:

Returns HTTP_X_REWRITE_URL.
Add the header information:
X-REAL-HOST: <?php phpinfo();?>
X-REWRITE-URL: <?php phpinfo();?>
X-HTTP-METHOD-OVERRIDE: <?php phpinfo();?>

Include the log file.
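From the defender's side, the useful observation above is that three of the four logged request fields (method, host, url) are copied from attacker-controlled headers without any check, while ip is normalised to 0.0.0.0 when ip2long rejects it. The script below is an added example, not code from the original post or from ThinkPHP: it validates those four fields the way a logging layer could before formatting a line, and scans an assumed "[ timestamp ] ip METHOD hosturl" request-log layout (the sample lines are constructed) for PHP open tags, which is what a poisoned log line looks like. The upper-cased method means the detector has to match tags case-insensitively.

```python
import ipaddress
import re

# Constructed sample log in an assumed ThinkPHP 5 request-log layout
# "[ <timestamp> ] <ip> <METHOD> <host><url>". The second line models the
# poisoned request described above: ip forced to 0.0.0.0, method upper-cased,
# host and url written through verbatim.
SAMPLE_LOG = """\
[ 2022-06-30T14:20:00+08:00 ] 127.0.0.1 GET example.com/index.php/index/test
[ 2022-06-30T14:20:01+08:00 ] 0.0.0.0 <?PHP PHPINFO();?> <?php phpinfo();?><?php phpinfo();?>
[ 2022-06-30T14:20:02+08:00 ] 10.0.0.5 POST example.com/index.php/user/login
"""

# Only the timestamp and ip are delimited reliably; header-derived fields may
# contain spaces once poisoned, so the remainder of the line is inspected whole.
LINE_RE = re.compile(r"^\[ (?P<ts>[^\]]+) \] (?P<ip>\S+) (?P<rest>.*)$")
# Matches <?php, <?PHP, <?= and the short tag <? regardless of case.
PHP_TAG_RE = re.compile(r"<\?(?:php\b|=)?", re.IGNORECASE)
ALLOWED_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(?::\d{1,5})?$")


def validate_fields(ip, method, host, url):
    """Return the names of request fields that should not reach the log as-is.

    Mirrors the ip check the page describes (invalid ip is rejected) and
    extends the same idea to method, host and url, which the framework
    currently writes unfiltered.
    """
    bad = []
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        bad.append("ip")
    if method.upper() not in ALLOWED_METHODS:
        bad.append("method")
    if not HOST_RE.match(host):
        bad.append("host")
    if (not url.startswith("/") or PHP_TAG_RE.search(url)
            or any(c.isspace() for c in url)):
        bad.append("url")
    return bad


def scan_log(text):
    """Flag log lines carrying PHP open tags or an unparseable request prefix."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m is None:
            findings.append((lineno, "unparseable line"))
            continue
        if PHP_TAG_RE.search(m.group("rest")):
            findings.append((lineno, "php open tag in request fields"))
    return findings


if __name__ == "__main__":
    for lineno, why in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {why}")
    print(validate_fields("0.0.0.0", "<?PHP PHPINFO();?>",
                          "<?php phpinfo();?>", "<?php phpinfo();?>"))
```

Run against the sample, `scan_log` reports only the second line, and `validate_fields` on that line's values flags method, host and url while accepting the already-normalised ip 0.0.0.0; a log writer that drops or escapes flagged fields never stores an executable tag, and the scanner gives the same signal after the fact for logs written by an unpatched deployment.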