Collection of PHP absolute paths

Original Author: MrBig
1. Single quotes
 
Note:
 
Add single quotation marks directly behind the URL. The single quotation marks must not be filtered (gpc = off) and the server returns an error message by default.
 
Eg:
 
Www.2cto.com/news.php? Id = 149
 
 
 
 
2. Path of incorrect parameter values
 
Note:
 
Change the parameter value to be submitted to an error value, for example,-1. Try to filter out single quotes.
 
Eg:
 
Www.2cto.com/researcharchive.php? Id =-1
 
 

 
 
 
3. Google's explosive path
 
Note:
 
Search for the webpage snapshot of the error page by combining the keyword and site syntax. Common keywords include warning and fatal error. Note: If the target site is a second-level domain name, the site is connected to its corresponding top-level domain name, resulting in much more information.
 
 
Eg:
 
Site: xxx.edu.tw warning
 
Site: www.2cto.com "fatal error"

 
 
 
 
 
 
4. Test File explosion path
 
Note:
 
Many websites have test files in the root directory, and the script code is usually phpinfo ().
 
Eg:
 
Www.2cto.com/test.php
 
Www.2cto.com/ceshi.php
 
Www.2cto.com/info.php
 
Www.2cto.com/phpinfo.php
 
Www.2cto.com/php_info.php
 
Www.2cto.com/1.php
 
 
 

 
 
 
5. phpmyadmin burst path
 
Note:
 
Once you find the phpmyadmin Management page and access some specific files in the directory, the physical path may pop up. For phpmyadmin addresses, you can use tools such as wwwscan or google. PS: Some BT websites are written as phpMyAdmin.
 
Eg:
 
Www.2cto.com/phpmyadmin/themes/darkblue_orange/layout.inc.php
 
Www.2cto.com/phpmyadmin/libraries/select_lang.lib.php
 
Www.2cto.com/phpmyadmin/index.php? Lang [] = 1
 
 
 
 
 
 
 
 
 
 
6. Find the path of the configuration file
 
Note:
 
If the injection point has the file read permission, you can manually load_file or the tool to read the configuration file, and then find the path information (usually at the end of the file ). The default paths of Web servers and PHP configuration files on various platforms can be checked online.
 
Eg:
 
Windows:
 
C: windowsphp. ini php configuration file
 
C: windowssystem32inetsrvMetaBase. xml IIS Virtual Host Configuration File
 
Linux:
/Etc/php. ini php configuration file
 
/Etc/httpd/conf. d/php. conf
/Etc/httpd/conf/httpd. conf Apache configuration file
/Usr/local/apache/conf/httpd. conf
 
/Usr/local/apache2/conf/httpd. conf
 
/Usr/local/apache/conf/extra/httpd-vhosts.conf virtual directory configuration file
 
 

 
 
 
7. nginx file type error parsing burst path
 
Note:
 
This was accidentally discovered yesterday. Of course, the Web server is required to be nginx and there is a file type Parsing Vulnerability. Sometimes/x. php is added after the image address. This image will not only be executed as a php file, but may also expose the physical path.
 
Eg:
 

 
 
 
 
 
 
 
 
8. Others
 
Others are full-Site program brute-force path vulnerabilities such as dedecms and phpwind, which are complicated and less universal.