Chi tiết:
http://www.bright-shadows.net/tutorials/tbs_wiwa.txt
http://www.bright-shadows.net/tutorials/tbs_wiwa.txt
- Code:
#- Introduction
#- General - Collecting Information
- Google
#- Viewing the Source of a Web Page
#- Editing of Source Code
#- JavaScript Inline Debugger
#- Directory Listing/Index Browsing
#- robots.txt
#- Reverse Directory Transversal
#- Information Storage In Files
#- Header Based Exploitation
#- X-Forwarded-For: IP-Spoofing
#- Mime Type Spoofing
#- CRLF-Injection
#- Global Variables
#- Remote Files
#- Library Files
#- Session Files
#- NULL Byte
#- SQL-Injection
#- Cross Site Scripting
#- Cross-Site Request Forgeries (CSRF)
#- Session Fixation
#- Loose Typing And Associative Arrays
#- Interesting PHP Functions
- ereg()
- file()
- file_get_contents()
- fopen()
- include()
- include_once()
- is_dir()
- is_file()
- phpinfo()
- readfile()
- require()
- require_once()
- touch()
- unlink()
#- PHP vulnerabilities
- copy (4.4.2, 5.1.2 and prior - Safe Mode Bypass)
- error_log (4.4.2 and prior, 5.1.4 and prior - Safe Mode Bypass)
- phpinfo (4.4.2, 5.1.2 and prior - Cross Site Scripting)
(4.4.0 and prior - Cross Site Scripting)
(4.4.0, 5.0.5 and prior - Cross Site Scripting)
#- Apache - Unknown Mime Type Trouble
#- Interesting Files
#- Useful Commands
#- HTTP Error Codes
#- Execution Of Shell Commands
#- Protecting PHP
#- Web bugs
#- Faking Cookies
#- Getting the source code of ".swf" Flash files
#- Getting the source code of ".class"/".jar" Java applet files
#- Passwords (guessing, brute force, dictionary attack)
#- Tools
- CGIProxy
- Proxomitron
#- Buffer Overflow
#- Format String
#- Heap Overflow
#- Integer Overflow
#- Other interesting tutorials you should read
#- Thx!
#- History