[Bug Bounty Pentesting Course] How to quickly find the file extensions a file upload accepts?
Author: FancyPig | Published: | Updated:
Video walkthrough
When testing a file upload vulnerability, we usually need to find out quickly which file extensions the upload accepts. How can we discover them quickly with ffuf's fuzzing? This video gets you up and running in a few minutes.
Commands
First, export the captured file upload request from BurpSuite and save it to a file, for example fuzz.txt.

Then replace the part of the request you want to fuzz with the FUZZ keyword. Each entry of the wordlist we run later is substituted in place of FUZZ.

Next, simply run a wordlist against the FUZZ keyword.
- The wordlist used in the video demo: you can 👉 click here to access it. You can also prepare your own wordlist of file extensions.
ffuf -request fuzz.txt -request-proto http -w /opt/SecLists/Fuzzing/extensions-most-common.fuzz.txt
The results then appear. The main difference between them is Size, the response size: here there are two values, 1115 and 1110. You can verify by hand which file type is allowed; in this case it is obvious that the responses of size 1110 correspond to the allowed file extensions.

We can now refine the ffuf command with a match filter on that response size:
ffuf -request fuzz.txt -request-proto http -w /opt/SecLists/Fuzzing/extensions-most-common.fuzz.txt -ms 1110
Now only the supported extensions are shown. Simple and practical, isn't it?
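The eyeballing step above (spot the minority Size value, then pass it to -ms) is easy when there are two sizes; the script below, an added example that is not part of the original post, automates it over ffuf's JSON output (ffuf -o out.json -of json) and generalizes to any number of size clusters: the most common length is taken as the handler's generic rejection, and every other length is reported as a cluster to verify by hand. The shape of ffuf's JSON ("results" entries with an "input" map and a "length" field) is assumed from its JSON output format, and the sample results are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like ffuf's JSON output (-o out.json -of json).
# The "results" list with an "input" map keyed by the fuzz keyword and a
# "length" field (ffuf's Size column) is assumed from ffuf's JSON format.
SAMPLE_FFUF_JSON = json.dumps({
    "results": [
        {"input": {"FUZZ": ext}, "status": 200, "length": length}
        for ext, length in [
            ("php", 1115), ("php5", 1115), ("jsp", 1115), ("asp", 1115),
            ("html", 1115), ("exe", 1115),
            ("jpg", 1110), ("png", 1110), ("gif", 1110), ("pdf", 1110),
        ]
    ]
})


def cluster_by_length(ffuf_json: str, keyword: str = "FUZZ") -> dict:
    """Group fuzzed values by response length, i.e. the Size column ffuf prints."""
    groups = defaultdict(list)
    for result in json.loads(ffuf_json).get("results", []):
        groups[int(result["length"])].append(result["input"][keyword])
    return {size: sorted(exts) for size, exts in groups.items()}


def triage(ffuf_json: str, keyword: str = "FUZZ") -> tuple:
    """Split results into the baseline cluster and the clusters that differ.

    The baseline is the response length shared by the most payloads: the
    upload handler's generic rejection. Every other length marks extensions
    the handler treats differently, which are the ones to verify by hand
    (and the value to feed to ffuf's -ms filter).
    """
    groups = cluster_by_length(ffuf_json, keyword)
    if len(groups) < 2:
        # Every extension got the same-sized response: Size cannot tell them apart.
        return (next(iter(groups), None), {})
    baseline = max(groups, key=lambda size: len(groups[size]))
    candidates = {size: exts for size, exts in groups.items() if size != baseline}
    return (baseline, candidates)


if __name__ == "__main__":
    base, cands = triage(SAMPLE_FFUF_JSON)
    print(f"baseline size {base} (rejected)")
    for size, exts in cands.items():
        print(f"size {size}: {', '.join(exts)}  -> rerun with -ms {size}")
```

If every extension comes back with the same Size, the script reports no candidates; in that case compare the Words or Lines columns instead, since a size-only filter cannot separate the responses.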
