Collection and compilation of absolute path methods in PHP_PHP tutorial

1. Single quote explosion path

Instructions:

Add single quotes directly after the URL, requiring that the single quotes are not filtered (gpc=off) and the server returns an error by default information.

Eg:

www.xxx.com/news.php?id=149′

2. Wrong parameter value explosion path

Instructions:

Change the parameter value to be submitted to an error value, such as -1. Try it when single quotes are filtered.

Eg:

www.xxx.com/researcharchive.php?id=-1

3. Google explosion path

Instructions:

Combine keywords and site syntax to search for web snapshots of error pages. Common keywords include warning and fatal error. Note that if the target site is a second-level domain name and the site is connected to its corresponding top-level domain name, much more information will be obtained.
Eg:

Site:xxx.edu.tw warning

Site:xxx.com.tw “fatal error”

4. Test file explosion Path

Description:

There are test files in the root directory of many websites, and the script code is usually phpinfo().

Eg:

www.xxx.com/test.php
www.xxx.com/ceshi.php
www.xxx.com/info.php
www.xxx.com/phpinfo.php
www.xxx.com/php_info.php
www.xxx.com/1.php

5. phpmyadmin explosion path

Note:

Once you find the management page of phpmyadmin, and then access certain specific files in this directory, it is very likely that the physical path will be exposed. As for the address of phpmyadmin, you can use tools like wwwscan to scan it, or you can choose Google. PS: Some BT websites will be written as phpMyAdmin.

Eg:

www.xxx.cn/phpmyadmin/themes/darkblue_orange/layout.inc.php
www.xxx.cn/phpmyadmin/libraries/select_lang.lib.php
www.xxx.cn/phpmyadmin/index.php?lang[]=1

6. Configuration file search path

Instructions:

If the injection point has file read permission, you can manually load_file or use a tool to read the configuration file, and then find the path information from it (usually at the end of the file). The default paths of the configuration files of the web server and PHP under each platform can be checked online. Here are some common ones.

Eg:

Windows:

c:windowsphp.ini php configuration file
c:windowssystem32inetsrvMetaBase.xml IIS virtual host configuration file

Linux :
/etc/php.ini php configuration file

/etc/httpd/conf.d/php.conf
/etc/httpd/conf/httpd.conf Apache configuration file
/usr/local/apache/conf/httpd.conf

/usr/local/apache2/conf/httpd.conf

/usr/local/apache/conf/extra/httpd-vhosts .conf virtual directory configuration file

7. nginx file type error parsing path

Explanation:
This is a method discovered accidentally yesterday, of course it requires Web The server is nginx, and there is a file type parsing vulnerability. Sometimes /x.php is added after the image address. Not only will the image be executed as a php file, but the physical path may also be exposed.
Eg:

www.xxx.com/top.jpg/x.php

8. Others

Others are like dedecms, Whole-site programs such as phpwind are prone to path vulnerabilities, are complex, and are not very versatile. You can report such loopholes in your reply and I will sort them out.

http://www.bkjia.com/PHPjc/325978.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/325978.htmlTechArticle1. Single quote explosion path description: Add single quotes directly after the URL, requiring that the single quotes are not filtered (gpc =off) and the server returns error information by default. Eg: www.xxx.com/news.php?id=149′...