原理:
https://i.blackhat.com/USA-19/Thursday/us-19-Birch-HostSplit-Exploitable-Antipatterns-In-Unicode-Normalization.pdf
当传入的url为http://evil.c℀.com在经过上述处理过后便成为了http://evil.ca/c.com
于是便可以构造payload:
file://suctf.c℆sr/local/nginx/conf/nginx.conf
最后会被解析为:
file://suctf.cc/usr/local/nginx/conf/nginx.conf
若有收获,就点个赞吧
0 人点赞
