upload

Running dirsearch against the target reveals a source code leak (`/www.tar.gz`); download the archive and audit it.
```
➜ dirsearch git:(master) ./dirsearch.py -u 'http://117.78.28.89:31378' -e '*'
[22:03:46] 200 - 1KB - /favicon.ico
[22:03:51] 302 - 0B - /home.html -> http://117.78.28.89:31378/index.php/index
[22:03:51] 302 - 0B - /Home -> http://117.78.28.89:31378/index.php/index
[22:03:51] 302 - 0B - /home -> http://117.78.28.89:31378/index.php/index
[22:04:00] 302 - 0B - /logout -> http://117.78.28.89:31378/index.php/index
[22:04:19] 200 - 24B - /robots.txt
[22:04:26] 301 - 322B - /static -> http://117.78.28.89:31378/static/
[22:04:33] 301 - 322B - /upload -> http://117.78.28.89:31378/upload/
[22:04:33] 200 - 1KB - /upload/
[22:05:06] 200 - 24MB - /www.tar.gz
```