,比如用户头像上传,文章内容的图片、视频、音频、附件上传,一些 CMS 系统上传模版文件,数据库备份文件,插件文件等地方。...:
array( ".php",".php5",".php4",".php3",".php2","php1", ".html",".htm",".phtml",".pht",".pHp",".pHp5"...,".pHp4",".pHp3", ".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx", ".jsw",".jsv",".jspf...,".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp"...0×07 总结
总结了文件操作方面的漏洞,以及单纯从文件操作上来获取SHELL,但真实的环境,我们常常是多种类型的漏洞组合利用,比如SQL注入写文件,命令执行漏洞权限高可不直接就拿下服务器了么,服务器存在进程溢出的程序