Burp helper plugin: WooyunSearch, payloads from the Wooyun vulnerability database

See the page below for how to install the plugin.

[two screenshots, captioned: Burp helper plugin WooyunSearch, payloads from the Wooyun vulnerability database]

This started from a small idea: can we use a single HTTP request to pull up historical vulnerabilities that would help during testing? For example, the historical vulnerabilities of the request's domain, those reported against the same URL path, and those involving each of the URL's parameters. So I crawled a Wooyun mirror, collected the links with regular expressions, and organised the other report details as well. I originally planned to store it all in a database, but in the end the data was not large, so it was aggregated into a single JSON file. PS: the link data collected by the regexes is the important part. Some report pages do not give a URL directly; some contain a raw HTTP request, others contain sqlmap output, so several regexes were needed to handle them. I manually checked that roughly a hundred report pages were handled correctly before all of the links were extracted.

Burp plugin

I then wrote a Burp plugin that takes the domain, path and parameters of an HTTP request and looks up the matching entries in the Wooyun historical vulnerability data.
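As an added example (not the author's plugin code), here are the same three lookups done outside Burp in plain Python: host, path and parameter names are extracted from a raw request and matched against a constructed stand-in for the JSON index. The index schema, the field names, the placeholder report ids and the exact matching rules are assumptions, since the page does not describe the file's format or the plugin's internals.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the aggregated JSON file; the page does not
# describe its schema, so these field names and report ids are assumptions.
WOOYUN_INDEX_JSON = json.dumps([
    {"id": "WOOYUN-0001", "title": "SQL injection in news page",
     "url": "http://www.example.com/news_show.asp?id=12"},
    {"id": "WOOYUN-0002", "title": "Admin login weak password",
     "url": "http://admin.example.com/admin/login.asp"},
    {"id": "WOOYUN-0003", "title": "Arbitrary file download",
     "url": "http://other.example.org/download.php?file=a.txt&path=./"},
    {"id": "WOOYUN-0004", "title": "Struts2 redirect parameter RCE",
     "url": "http://bbs.example.net/login.action?redirect=/"},
])

def build_index(records):
    """Index report ids three ways: by host, by path, and by query parameter name."""
    by_host, by_path, by_param = defaultdict(list), defaultdict(list), defaultdict(list)
    for rec in records:
        parts = urlsplit(rec["url"])
        by_host[parts.hostname].append(rec["id"])
        by_path[parts.path].append(rec["id"])
        for name in parse_qs(parts.query, keep_blank_values=True):
            by_param[name].append(rec["id"])
    return by_host, by_path, by_param

def parse_request(raw):
    """Return (host, path, sorted parameter names) from a raw HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines if ":" in h)}
    parts = urlsplit(target)
    # Burp hands over origin-form targets, so the host normally comes from the
    # Host header (port stripped); an absolute-form target carries its own host.
    host = parts.hostname or headers.get("host", "").split(":")[0]
    return host, parts.path, sorted(parse_qs(parts.query, keep_blank_values=True))

def search(raw_request, index_json=WOOYUN_INDEX_JSON):
    """The plugin's three lookups: same host, same path on any host, each parameter name."""
    by_host, by_path, by_param = build_index(json.loads(index_json))
    host, path, params = parse_request(raw_request)
    return {"host": by_host.get(host, []),
            "path": by_path.get(path, []),
            "params": {p: by_param.get(p, []) for p in params}}
```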


Payload rankings

Since a set of URLs has already been extracted from Wooyun, why not compute statistics on the common values and use them to enrich wordlists?

Top100 ports on which vulnerabilities appeared

Port   Count
8080   6710
80     2458
81     1345
8081   925
7001   885
8000   882
8088   740
8888   735
9090   578
8090   477
88     446
8001   406
82     401
9080   350
8082   301
8089   265
9000   225
8443   206
9999   185
8002   162
89     160
8083   142
8200   141
8008   135
90     135
8086   129
801    127
8011   120
8085   120
9001   118
9200   117
8100   111
8012   108
85     105
8084   102
8070   101
7002   99
8091   94
8003   92
99     91
7777   84
8010   78
443    73
8028   72
8087   71
83     70
7003   70
10000  68
808    64
38888  64
8181   64
800    63
18080  63
8099   62
8899   62
86     62
8360   58
8300   57
8800   52
8180   52
3505   49
7000   49
9002   47
8053   43
1000   42
7080   40
8989   38
28017  38
9060   36
888    34
3000   34
8006   34
41516  34
880    34
8484   34
6677   33
8016   32
84     32
7200   31
9085   30
5555   30
8280   29
7005   29
1980   29
8161   28
9091   27
7890   27
8060   27
6080   27
8880   26
8020   26
7070   26
889    26
8881   24
9081   24
8009   24
7007   24
8004   23
38501  23
1010   23

The number of distinct ports in the data came to 1104, which means a port scan only needs to cover these roughly one thousand ports, a large saving in scan time.

ASP Top100

Path  Count
/news_show.asp  233
/about.asp  205
/news.asp  201
/login.asp  173
/index.asp  167
/admin/login.asp  141
/list.asp  130
/show.asp  112
/shownews.asp  88
/search.asp  85
/News_show.asp  85
/product.asp  83
/news_list.asp  70
/article.asp  67
/view.asp  59
/default_standard.asp  59
/info.asp  58
/news_more.asp  57
/newshow.asp  54
/news_detail.asp  48
/news_view.asp  47
/admin/index.asp  46
/products.asp  46
/nzcmslistnews.asp  46
/read.asp  44
/index1.asp  44
/detail.asp  43
/contact.asp  42
/tt/inc/login.asp  41
/default.asp  41
/readnews.asp  40
/mucc/about.asp  39
/doc/page/main.asp  38
/About.asp  37
/onews.asp  37
/cp.asp  37
/News.asp  36
/content.asp  36
/doc/page/login.asp  36
/productshow.asp  35
/view_n.asp  34
/new.asp  33
/pic.asp  33
/newsDetail.asp  33
/job.asp  33
/JBRCMS/Manager/jbrUploadConfig.asp  33
/newsinfo.asp  32
/newsbrow.asp  30
/newsview.asp  29
/admin/admin_login.asp  29
/class.asp  28
/ProductShow.asp  28
/productview.asp  28
/Article_Print.asp  27
/newsshow.asp  27
/LstInfo.asp  27
/page.asp  25
/jiannya/default.asp  25
/CompHonorBig.asp  24
/adminqibo5/Edit/editor/resurm_upfile.asp  24
/feedback.asp  23
/viewnews.asp  22
/manage/login.asp  22
/ShowNews.asp  22
/more.asp  22
/hn_type.asp  22
/1.asp  21
/service.asp  20
/admin/Login.asp  20
/readpro.asp  20
/sbweb/nameedit.asp  20
/Body.asp  20
/opensoft.asp  20
/main.asp  19
/showcareer.asp  19
/company.asp  19
/Pro_shcn.asp  19
/jjweb/nameedit.asp  19
/cpinfo.asp  19
/Htmledit/admin/login.asp  19
//liuyan.asp  19
/showfwly.asp  19
/MoralsView.asp  18
/user/reg.asp  18
/product_show.asp  18
/fuwu_list.asp  18
/lesiure/up.asp  18
/shell.asp  17
/admin.asp  17
/admin/admin.asp  17
/showservices.asp  17
/manage/html/ewebeditor/admin_login.asp  17
/Newsview.asp  17
/admin/Admin_Login.asp  16
/down.asp  16
/info_Print.asp  16
/person/mailbox.asp  16
/jieshao.asp  16
/type.asp  16
/product_cate.asp  16

ASPX Top100

Path  Count
/Default.aspx  349
/login.aspx  341
/UIFrameWork/login.aspx  307
/Login.aspx  288
/Detail.aspx  209
/admin/login.aspx  157
/index.aspx  127
/default.aspx  124
/OT.OA.WEB/UIFrameWork/login.aspx  76
/search.aspx  58
/userlogin.aspx  57
/list.aspx  54
/Admin/login.aspx  48
/custom/GroupNewsList.aspx  45
//SubCategory.aspx  42
/manage/login.aspx  38
/aspx/gqxx.aspx  38
/newsView.aspx  38
/news.aspx  37
/Search.aspx  34
/admin/index.aspx  31
/Web/Login/PSCP01001.aspx  30
/city_index.aspx  30
/main.aspx  29
/newslist.aspx  29
/admin/Login.aspx  28
/show.aspx  28
/Admin/Index.aspx  27
/SubCategory.aspx  26
/G2S/AdminSpace/QE/AddCustomForm.aspx  26
/NewsList.aspx  25
/Index.aspx  24
/about.aspx  23
/gmis/leftmenu.aspx  23
/Permission/ApplicationQueryList.aspx  22
/test.aspx  22
/site/ajax/WebSiteAjax.aspx  22
/select_e.aspx  22
/ExhibitionCenter.aspx  22
/system/stuuserregist.aspx  21
/News.aspx  21
/workplate/xzsp/gxxt/tjfx/spsl.aspx  21
/manager/member/admin_add.aspx  20
/workplate/xzsp/tjfx/grbjtj/list.aspx  20
/zfmllist.aspx  20
/workplate/base/person/listbyorgsel.aspx  20
/NewsDetail.aspx  19
/Supplylist.aspx  19
/Product/ProductList.aspx  19
/Web/Login.aspx  18
/articleview.aspx  18
/model/TwoGradePage/equipmentlist.aspx  18
/jsondb/otherreport.aspx  18
/jsondb/flightreturn.aspx  18
//bos/desktop/RequestOrResponse.aspx  18
/Broadcast/Broadcast.aspx  18
/jsondb/meblist.aspx  18
/searchbargain.aspx  18
/jsondb/aircompany.aspx  18
/RiskInfo.aspx  18
/owa/auth/logon.aspx  17
/WebDefault3.aspx  17
/article.aspx  17
/G2S//AdminSpace/PublicClass/AddCourseWare.aspx  17
/news_view.aspx  16
/info.aspx  16
/CommonPage.aspx  16
/DownLoadPage.aspx  16
/fckeditor/editor/filemanager/connectors/aspx/connector.aspx  16
/support/minisite/thinkpad/htmls/advancedsearch.aspx  16
/emlib4/format/release/aspx/eml_homepage.aspx  16
/Gmis/Byyxwgl/xls_lwdbxxedit.aspx  16
/CMSUploadFile.aspx  16
/Main.aspx  15
/OrderDetail.aspx  15
/webSchool/list.aspx  15
/Magazine/NewMagazine.aspx  15
/k4/list.aspx  15
/k1/preview.aspx  15
/MoreIndex.aspx  15
/sysadmin/Login.aspx  15
/persondh/urgent.aspx  15
/OnlineQuery/QueryList.aspx  15
/Broadcast/displayNewsPic.aspx  15
/Web/News.aspx  15
/ModifyPassWord.aspx  15
/ftb.imagegallery.aspx  14
/TableDataManage/BaseInforQueryContent.aspx  14
/presellbuild.aspx  14
/tabid/2159/Default.aspx  14
/cart.aspx  14
/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx  14
/admin/course/uploaddemo.aspx  14
/searchLines.aspx  14
/help/pendantShow.aspx  14
/BsGuide.aspx  13
/NewsView.aspx  13
/Admin/fileManage.aspx  13
/ShowNews.aspx  13
/Web_Site/Search.aspx  13

JSP Top100

Path  Count
/login.jsp  317
/index.jsp  176
/kingdee/login/loginpage.jsp  160
/get_pwd.jsp  126
/zecmd/zecmd.jsp  109
/console/login/LoginForm.jsp  103
/login/Login.jsp  88
/customer.jsp  87
/is/index.jsp  81
/uddiexplorer/SearchPublicRegistries.jsp  79
/yyoa/common/js/menu/test.jsp  74
/jcms/interface/user/out_userinfo.jsp  59
/seeyon/index.jsp  53
/download.jsp  53
/yyoa/checkWaitdo.jsp  50
/admin/login.jsp  49
/list.jsp  46
/defaultroot/login.jsp  45
/upload5warn/shell.jsp  45
/search.jsp  43
/myname/wooyun.jsp  40
/web/epublic/upload.jsp  39
/yyoa/indexPass.jsp  39
/yyoa/common/selectPersonNew/initData.jsp  37
/bak.jsp  35
/yyoa/index.jsp  35
/postAjax.jsp  35
/cK/foot.jsp  34
/tools/SWFUpload/upload.jsp  32
/nei.jsp  32
/1.jsp  31
/wooyun.jsp  31
/is/cmd.jsp  30
/download/download.jsp  29
/cmd.jsp  29
/webschool/News/news_list.jsp  28
/chopper/chopper.jsp  27
/business/notifyView.jsp  27
/sofpro/gecs/consulmanage/wsts/bbstitlelist1.jsp  27
/live800/downlog.jsp  26
/Silic.jsp  26
/edoas2/oa.jsp  26
/wooyun/wooyun.jsp  25
/jmxroot/jmxroot.jsp  25
/manage/content/docmanage/download.jsp  25
/ConInfoParticular.jsp  24
/uddiexplorer/out.jsp  23
/1/sx/login.jsp  23
/templates/index/hrlogon.jsp  23
/commfront/tzzx/uploadImageFiledo.jsp  23
/yyoa/ext/https/getSessionList.jsp  22
/admin/index.jsp  22
/shell.jsp  22
/admin/upload.jsp  22
/detail.jsp  22
/1/sjleader/login.jsp  22
/admin/select.jsp  22
/admin/fxx.jsp  22
/jbossass/jbossass.jsp  21
/yyoa/HJ/iSignatureHtmlServer.jsp  21
/eol/homepage/common/index.jsp  21
/a/pwn.jsp  21
/web/common/getfile.jsp  21
/upload.jsp  20
/test.jsp  20
/homepage/LoginHomepage.jsp  20
/page/maint/common/UserResourceUpload.jsp  20
/zpsys/index.jsp  20
/vc/vc/para/opr_initvc.jsp  20
/pages/manager/managerAddNManager.jsp  20
/hdcy/zxzx_show.jsp  20
/yyoa/assess/js/initDataAssess.jsp  19
/upload5warn/wooyun.jsp  19
/cms/weblawcase/impList.jsp  19
/nicknamelogin.jsp  19
/ca/ma3.jsp  19
/gkznInfo.jsp  19
/myname/index.jsp  18
/df/index.jsp  18
/guige.jsp  18
/coremail/index.jsp  18
/syfile/swfUpload.jsp  18
/admin/protected/index.jsp  17
/2/sjtj/login.jsp  17
/news.jsp  17
/site/law_artile.jsp  17
/zwdtSjgl/Directory/lastDirList_iframe.jsp  17
/content/topicdeal.jsp  17
/webschool/Book/news_list.jsp  17
//web/careerapply/HrmCareerApplyPerView.jsp  16
/cms/web/downloadFiles.jsp  16
/TSPB/web/xzzx/xzzx.jsp  16
/prosec.jsp  16
/adminroot/common/downLoadFile.jsp  16
/uddiexplorer/SetupUDDIExplorer.jsp  15
/kingdee/login/loginpage2.jsp  15
/wui/theme/ecology7/page/login.jsp  15
/f1print/F1PrintKernelJ1.jsp  15
/login/login.jsp  15
/eln3_asp/public/cscec8b/bulletin.jsp  15

PHP Top100

Path  Count
/index.php  2456
/admin.php  278
/login.php  243
/forum.php  240
/share/share.php  227
/news.php  208
/info.php  191
/phpinfo.php  181
/plus/search.php  173
/test.php  162
/admin/login.php  162
/src/system/login.php  146
/article.php  140
/plus/recommend.php  138
/search.php  136
/list.php  132
/api.php  117
/admin/index.php  117
/CmxDownload.php  113
/about.php  109
/news_show.php  98
/download.php  97
/home.php  81
/login/login.php  80
/user.php  79
/show.php  76
/page.php  71
/product.php  68
/wp-login.php  67
/main.php  67
/detail.php  65
/news_detail.php  64
/faq.php  64
/default.php  60
/content.php  59
//plus/recommend.php  58
/news_display.php  57
/up/UploadTemp/eval.php  57
/down.php  55
/www/index.php  55
/user/storage_explore.php  54
/abouts.php  53
/uc_server/admin.php  50
/rss.php  49
/wescms/index.php  49
/1.php  45
/news_info.php  43
/products_display.php  42
/newsdetail.php  41
/phpmyadmin/index.php  39
/class.php  39
/more.php  38
//index.php  38
/userlist.php  37
/plugin.php  36
/*.php  36
/products.php  35
/pics_list.php  34
/plus/mytag_js.php  34
/news_list.php  34
/newsinfo.php  34
/smenu.php  33
/include/web_content.php  31
/batch.common.php  31
/space.php  30
/modules.php  30
/view.php  30
/read.php  30
/job.php  30
/do.php  29
/link.php  29
/displaynews.php  29
/viewthread.php  28
/m.php  28
/web/index.php  28
/member/index.php  28
/ajax.php  27
/impl/rpccompanyinfo_minkh.php  27
//plus/search.php  27
/thi.php  27
/i.php  26
/member.php  25
/webmail/login.php  25
/admincp.php  25
/download_list.php  25
/cmxlogin.php  25
/auto_reg.php  25
/register.php  24
/news/class/index.php  24
/prog/index.php  24
/thi_details.php  23
/topic.php  23
/shopadmin/index.php  23
/cp.php  23
/phpsso_server/index.php  23
/common/web_meeting/index.php  23
/cn/products.php  23
/Customize/Audit/MessageMonitor/groupSearch.php  23
/new/client.php  23
/notice.php  22

Action Top100

Path  Count
/root/chat.action  429
/login.action  291
/index.action  227
/homeLogin.action  46
/portal/login_init.action  46
/stardy/Login.action  40
/login_login.action  24
/license!getExpireDateOfDays.action  23
/indexAction.action  23
/index/downLoadFile.action  22
/common/common_info.action  21
/pages/xxfb/editor/uploadAction.action  21
/accountlossList.action  21
/ggxxfb.action  21
/ivhs/ajax_updateUserInfo.action  20
/download.action  19
/Login.action  19
/syfile/imageCompress.action  18
/managerOneGgxxfb.action  18
/user/login.action  17
/loginAction!login.action  16
/index!index.action  15
/login/login.action  15
/managerNManager.action  15
/home.action  14
/indexmanagerLogin.action  14
/ahsffyww/Default3.action  14
/DRP/login.action  12
/spam/system/index.action  12
/user/gotoLoginPage.action  12
/ecp/announcement/announcement_view2.action  12
/managerAddNManager.action  12
/managerEditNManager.action  12
/main.action  11
/system/login_login.action  11
/login!login.action  10
/loginAction.action  10
/login/index.action  10
/logout.action  10
/register.action  10
/security/loginInit.action  10
/bgxz/bgxzAction_executeBack.action  10
/nFixcardAllList.action  10
/beian/login_login.action  10
//opac_two/mylibrary/comment/queryAllComment.action  10
/module/newzwgk/getmainById.action  10
/index/index.action  9
/shop/member!passwordRecover.action  9
/mail/login.action  9
/admin/login.action  9
/htweixin/InsuranceDownload.action  9
//admin/user_logon.action  9
/BSBM/loginedLogin.action  9
/robot/check-login.action  8
/website/dflz/dflzSiteAction!sjList.action  8
/module/newzwgk/viewquan.action  8
/hbwz/wcms/searchAll.action  8
/ahsffyww/Default2.action  8
/wfvideo/login.action  8
/website-rank/addVoteRecord.action  8
/module/newzwgk/viewZwxxQianMore.action  8
/superadmin/index.action  7
/mall/ui/giftIndex.action  7
/userlogin.action  7
/cms/admin/login.action  7
/szxy/logon.action  7
/virtual/shouye.action  7
/feedback/buyIntention!saveBuyIntentionInfo.action  7
/superadmin/adminLogin.action  7
/Index.action  7
/security/login.action  7
/MemberToLoginIgnore.action  7
/rdms/satisfyaid/actions/cstContactAction!register.action  7
/regmail/download.action  7
/IndexAction.action  6
/publish/query/indexFirst.action  6
/manage/login.action  6
/home/index.action  6
/eeoaftp/downloadFile.action  6
/eis/index.action  6
/gzwl/visit/renewBusinessOrder/renewBusinessOrderDetail.action  6
/css/myquery/queryWQSBill.action  6
/LoginAction.action  6
/detail.action  6
/index/index!list.action  6
/auth/login.action  6
/server/spreq/attachment!download.action  6
/lmsv5/user!editUserInfo.action  6
/5clib/bookWeb.action  6
/otomc/user/loginUI.action  6
/im-client/imclient/selfHelp.action  6
/ahsffyww/ZXDefault2.action  6
/user!login.action  6
/Dzsw/Shky/hwky.wai/index.action  6
/aic/webnz/welcome-web-home!welcome.action  6
/ess/Homepage.action  6
/skypearl/cn/toPrintCard.action  6
/spdt/spdt_listSp.action  6
/xxsearch.action  6
/web/Info!list.action  6

Directory Top100

Path  Count
/admin  2639
/user  848
/.svn  825
/.git  670
/login  615
/plus  550
/news  533
/web  517
/upload  495
/manager  469
/xxgk/services  465
/root  437
/manage  411
/ftp/com1/html  409
/cgi-bin  406
/servlet  348
/content  333
/api  331
/share  329
/member  315
/UIFrameWork  309
/cn  277
/bbs  275
/jmx-console  273
/index  245
/invoker  244
/s  231
/phpmyadmin  222
/search  220
/Admin  211
/papers  208
/yyoa  207
/common  206
/system  202
/opac  196
/account  196
/uddiexplorer  195
/ajax  190
/cms  188
/2001  187
/kingdee/login  178
/Gmis/xw  173
/1999  168
/include  164
/portal  161
/back/ticket  161
/oa  159
/Gmis/Byyxwgl  158
/home  156
/data  155
/src/system  148
/WEB-INF  141
/main  140
/Chinese  134
/order  132
/gov/services  132
/wap  131
/console  130
/app  130
/is  129
/Web  127
/resin-doc/resource/tutorial/jndi-appconfig  126
/seeyon  124
/config  123
/images  121
/download  120
/view  118
/public  117
/product  117
/model/TwoGradePage  117
/knowledge/ClassShow  115
/en  114
/zecmd  114
/m  114
/soap/envelope  112
/about  111
/install  110
/tushu  107
/ckq  107
/poweb  106
/tips  105
/resin-doc/viewfile  104
/www  104
/console/login  103
/html  103
/bbs/topic  103
/data/admin  103
/wscgs  102
/sys  102
/test  99
/list  99
/v_show  98
/p  97
/fckeditor/editor/filemanager/browser/default  97
/User  96
/uc_server  96
//plus  96
/site  95
/detail  95
/index.php  94

GET parameter Top100

Because there is no automated way to pick out only the parameters that were actually vulnerable, all parameters of all URLs were extracted by brute force, so these top parameters are not necessarily representative; as a wordlist, though, they should still be useful.
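An added example (not the author's scripts) of how the tallies in the ranking tables on this page can be produced from harvested links: it counts explicit ports, paths by extension, every parent directory, and GET parameter names over a constructed URL sample. It assumes, as the port table's counts suggest (8080 far above 80), that only URLs with an explicit port contribute to the port ranking, and that every prefix of a path counts as a directory; neither rule is stated on the page.

```python
from collections import Counter
from os.path import dirname, splitext
from urllib.parse import urlsplit, parse_qs

# Constructed sample of links, standing in for the URLs the author's regexes
# pulled out of the crawled reports (the real link set is not on the page).
SAMPLE_URLS = [
    "http://a.example.com/news_show.asp?id=1",
    "http://a.example.com/news_show.asp?id=2&page=3",
    "http://b.example.com:8080/admin/login.aspx",
    "https://c.example.com/admin/login.php?user=x&pwd=y",
    "http://d.example.com:8080/console/login/LoginForm.jsp",
    "http://e.example.com/login.action?redirect=/",
    "http://f.example.com:7001/console/login/LoginForm.jsp",
    "http://g.example.com/",
]

EXTENSIONS = (".asp", ".aspx", ".jsp", ".php", ".action")

def tally(urls):
    """Count explicit ports, paths per extension, parent directories and GET parameter names."""
    ports, dirs, params = Counter(), Counter(), Counter()
    paths = {ext: Counter() for ext in EXTENSIONS}
    for url in urls:
        parts = urlsplit(url)
        # Assumption: only an explicit ":port" is counted; scheme-default ports
        # are not filled in, which is what the page's 8080-above-80 ranking suggests.
        if parts.port is not None:
            ports[parts.port] += 1
        path = parts.path or "/"
        ext = splitext(path)[1].lower()
        if ext in paths:
            paths[ext][path] += 1
        # Assumption: every ancestor directory of the path counts once.
        d = dirname(path)
        while d and d != "/":
            dirs[d] += 1
            d = dirname(d)
        for name in parse_qs(parts.query, keep_blank_values=True):
            params[name] += 1
    return {"ports": ports, "paths": paths, "dirs": dirs, "params": params}

def top(counter, n=100):
    """Rank as the page's tables do: highest count first, then by name for ties."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], str(kv[0])))[:n]
```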

Parameter  Count
id  6845
action  1643
type  1503
m  1013
a  992
c  855
act  829
page  813
uid  616
url  585
method  545
cid  545
ID  528
mod  521
aid  490
keyword  474
key  449
t  449
q  444
callback  427
sid  426
s  421
name  407
tid  399
pid  392
code  354
r  316
p  307
file  301
Type  294
do  294
redirect  292
username  291
_  278
op  259
filename  252
path  251
from  230
classid  227
f  222
fid  221
app  213
cmd  213
typeid  203
_FILES  201
ac  194
title  192
fileName  191
userid  190
v  189
flag  176
catid  170
Connector  166
bid  158
order  150
wd  150
mid  150
lang  145
nid  143
city  142
CurrentFolder  139
newsid  138
Command  137
password  131
d  128
source  127
sort  126
user  125
token  122
module  120
class  118
userId  115
dir  113
ie  111
Id  108
pwd  107
num  106
email  103
appid  102
u  102
mobile  102
i  102
keywords  100
version  100
status  99
gid  99
typeArr  96
g  96
service  95
o  95
ArticleID  94
query  94
filePath  94
orderId  94
redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D  93
category  92
word  92
user_id  92
k  91
channel  90

POST parameter Top100

Parameter  Count
password  457
__VIEWSTATE  430
__EVENTVALIDATION  315
username  313
__EVENTTARGET  210
__EVENTARGUMENT  210
type  145
name  113
id  111
Submit  109
__VIEWSTATEGENERATOR  103
action  98
email  97
mobile  87
page  86
submit  85
pwd  67
uid  66
act  64
phone  59
code  54
userName  54
keyword  52
__LASTFOCUS  50
city  50
(empty name)  47
userid  47
content  43
account  42
y  42
address  41
x  41
UserName  40
title  39
button  39
token  38
Password  37
Button1  37
passwd  37
province  36
tel  36
sex  35
pageSize  33
txtPassword  29
userId  29
version  29
txtUserName  29
url  28
sort  28
key  27
ImageButton1.y  27
ImageButton1.x  27
user  27
pageNo  25
method  25
status  24
login  22
sid  22
channel  22
qq  21
flag  21
TextBox1  20
btnSearch  20
pass  20
user_id  20
domain  20
rows  20
?>  19
from  19
sign  19
uname  19
order  19
txtPwd  19
pid  18
btnLogin  18
pageIndex  18
search  18
keywords  18
loginName  18
lang  17
user_name  17
timestamp  17
imei  17
PassWord  17
captcha  16
number  16
language  16
B1  16
appid  16
area  15
hash  15
}  15
(b)((‘\43context[\’xwork.MethodAccessor.denyMethodExecution\’]\75false’)(b))  14
(‘\43c’)((‘\43_memberAccess.excludeProperties\  14
imageField.y  14
imageField.x  14
limit  14
loginname  14
txtName  14
cmd  14

Cookie parameter Top100

Parameter  Count
__utma  226
__utmz  221
__utmc  169
__utmb  142
HMACCOUNT  126
bdshare_firstime  100
pgv_pvi  99
_ga  91
BAIDUID  80
__utmt  71
pgv_si  69
AJSTAToktimes  56
ci_session  55
_gat  49
uid  37
CheckCode  33
safedog-flow-item  33
SERVERID  31
lzstat_uv  27
username  23
IESESSION  23
vjuids  23
ECS_ID  22
ECS[display]  21
ECS[history]  21
AJSTATokpages  21
ECS[visit_times]  18
pgv_pvid  18
SUV  18
vjlast  18
city  17
iweb_hisgoods[15]  16
IPLOC  15
cck_count  15
cck_lasttime  15
lvsessionid  14
LXB_REFER  14
iweb_hisgoods[26]  13
cookie  13
CoreID6  13
NTKFT2DCLIENTID  13
userName  12
loginName  12
BAIDUDUPlcr  12
td_cookie  12
ECSCP_ID  12
_jzqx  12
userid  12
hd_sid  11
real_ipd  11
password  11
route  11
vary  11
nTalkCACHEDATA  11
token  11
WT_FPC  10
ADMINCONSOLESESSION  10
pgv_info  10
nickname  10
guid  10
jiathis_rdc  10
HMVT  10
tma  10
tmd  10
s  10
S[CARTTOTALPRICE]  10
S[CART_COUNT]  10
S[CART_NUMBER]  10
sessionid  10
_jzqa  10
looyu_id  10
dyh_lastactivity  9
SESSIONID  9
s_cc  9
s_sq  9
.ASPXAUTH  9
DedeUserID  9
DedeUserID__ckMd5  9
sid  9
user  9
clientlanguage  9
_jzqc  9
lang  9
wordpresstestcookie  8
_qcwId  8
language  8
hasshown  8
cityid  8
myie  8
s_nr  8
__RequestVerificationToken  8
…  8
DedeUsername  8
DedeUsername__ckMd5  8
loginState  8
ip_ck  8
vn  8
lv  8
pageReferrInSession  8
__cfduid  8
