0x01 Preface:
In web development, controlling the packets exchanged between the front end and the back end, having a verification mechanism, and filtering tag attributes and characters such as spaces and the / character can effectively prevent XSS.
0x002 Information collection
First I opened the home page and found that it was static, so I did not think about injection there. I collected some information (with webmaster tools):
Server type: nginx
Page type: text/HTML
Subdomains: 80
The micro CMS
This was just simple preliminary information gathering from a phone. I am still a beginner, so please go easy on me.
In 2018 an injection in config.php was disclosed for the micro CMS, but I did not even consider that for this target. (The vulnerabilities can be looked up on CNVD or Seebug.)
0x003 Penetration test
The problem was in the subdomains, so I began using the Bing search engine to search for the following:
The search turned up a login interface, which I opened right away, and the following appeared:
Does this look familiar? Because I was on my phone I could not try capturing packets, and I found that it would not work anyway: 502 bad request. So I changed my train of thought. In a nothing-to-lose mood I went for weak passwords. The first try failed, the second failed, and on the third I succeeded. I laughed out loud.
I entered the system and found there was nothing in it. There was only one search module, and it had no effect. It looked like this would soon be over (the system had probably been abandoned already). But I could not give up here. I thought it over calmly, opened the page source, and the JS below opened up a new world for me!!
Isn't that just asking for it?? I promptly visited the corresponding /gwork/websitesetup/spelfile.aspx
Ha ha ha ha ha ha, I had arrived in paradise!!
Nothing more needs to be said!!
0x003 Summary
Every line of thinking comes from hands-on experience. Keep going and reach the next level. Only with a broader attack surface can we have a high success rate. I am a novice, so experts, please go easy on me. A few friends and I are putting together a BBS of vulnerability statistics and hands-on experience; I hope everyone will be kind and give it plenty of support.
To those who write front ends and back ends: likewise, what the system hides should be kept well under control.
----- Mr_python