  1. Parsing vulnerabilities on each platform: IIS, Apache, Nginx
  2. Brief overview of file upload in various CMSs
  3. WordPress, phpcms

Apache parsing vulnerability

Environment setup: https://vulhub.org/#/environments/httpd/apache_parsing_vulnerability/

    jiang@ubuntu:/opt/vulhub/vulhub-master/httpd/apache_parsing_vulnerability$ docker-compose up -d
    /home/jiang/.local/lib/python2.7/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
      from cryptography.hazmat.backends import default_backend
    Starting apache_parsing_vulnerability_apache_1 ... done


Common editors

  1. FCKeditor exp
  2. UEditor vulnerability exploitation

Finding FCKeditor vulnerabilities online
inurl:fckeditor site:edu.cn
https://blog.csdn.net/eldn__/article/details/9197521

Brief demonstration of file upload in several common CMSs

  1. Tongda OA system
  2. https://pan.baidu.com/s/15gcdBuOFrN1F9xVN7Q7GSA password: enqx

https://www.cnblogs.com/twlr/p/12989951.html

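Demonstration of the above points in scenarios close to real-world use

  1. Identify the middleware platform, editor type or CMS name, then test accordingly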