I did not know where I saw an article yesterday (probably on the Phantom brigade or a BLOG of a security enthusiast). I said that I used the file name to download the database, it seems like adding "%" to the file name, so IE will request a non-existent file. The idea is quite good.
I remember that I first made an animation for downloading the ACCESS database in Xiaofeng. One of them used % 23 encoding to bypass # file name, for example, our request
When target.net/data/mongodata.mdb, you can use www.target.net/data/mongo23data.mdb.
In this way, IE can be downloaded.
So someone came up with another trick: they built the file like this: % 23mdb. mdb. Note that the file name here is % 23, not encoded.
In this way, a problem occurs here. When we request % 23mdb in IE. when mdb is used, IE actually submits the request # mdb. mdb cleverly bypasses the download. haha. what I want to say is, sorry, bro: Your method is actually smart.
In fact, at the beginning, I also thought about using this method. Later someone added me QQ to discuss it with me and used this method. Then lcx, yu Feng, whoever asked this. in fact, I think the question should be that I didn't know how to download the database using encoding. Actually, everyone knows that % is also a character. Of course, IE will also have encoding, so when the database name becomes % 23mdb. in mdb, we only need to submit % 2523mdb. mdb can also be downloaded home. this is the perfect use of coding.
I used this method a few days ago during penetration. I think it's really funny. After I used the % 5C Error Path of lcx to get the database, he actually used % 23% 23% 23kanninengxiazaibu. asp as a database ~~ I fainted on the spot. for convenience, I used FLASHGET to directly download it. because FLASHGET will convert the IE encoding, % is % 25, # Is % 23, of course, other things in the seven miles will also be converted ~ Haha... Get it done ~
After talking a lot, I found out: Kao ~ It's about 8 o'clock. I have an appointment with a friend to play the street ball. Let's go first.