1.测试test.php info.php php_info.php phpinfo.php
' Y2 z# ^$ l$ ]$ b; s9 M) e: e* `
$ i& Y. ?) k3 U& }$ {- Q0 e2.扫描看有没有fck编辑器,如果有就用fckeditor\editor\dialog\fck_spellerpages\spellerpages\server-scripts\spellchecker.php爆. I u1 ~1 N7 B+ _
+ _/ c# `0 Q8 U2 [
3.看看有没有phpmyadmin或者phpMyAdmin利用phpMyAdmin/libraries/select_lang.lib.php$ F9 J! ?5 X2 I" R# ~, R5 H
phpMyAdmin/darkblue_orange/layout.inc.php
, E: R2 x+ h7 o& ~- d" sphpMyAdmin/index.php?lang[]=1
; e. A: m* k% s# F/ ?/ N9 M6 n" b) mphpmyadmin/themes/darkblue_orange/layout.inc.php( S# y$ v1 G& g+ i
4.利用搜索引擎爆绝对路径
$ M& w$ e7 n8 tsite:www.huangse.com Warning
. `! s0 D) ]; usite:www.huangse.com inurl:Warning
" @* H$ V! s2 ~9 ^
2 H' K3 ], Q& Z等以后慢慢往上补吧,利用单引号的方法俺就不说了。。。5 \& S7 z% D2 E" M
|