如何使用 BurpSuite 破解这个 URL?

编程问答 2022-05-22

问题描述

该网站显示的是活跃用户列表,仅此而已。目标是编辑标题以包含一些 bash 命令注入以破解站点,这将为下一个站点提供 URL,以便尝试破解安全测试课程。

URL 有两个 GET 请求,一个是在页面加载时 (1),另一个是在网站“检查用户”时 (2)

这是 GET 请求 (2):

GET /ekohshahrabohpha/cgi-bin/users.PHP HTTP/1.1
Host: 134.219.148.11:61166
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.4.4 (KHTML,like Gecko) Version/9.0.3 Safari/601.4.4
Accept-Language: en-us
Referer: http://134.219.148.11:61166/ekohshahrabohpha/
Accept-Encoding: gzip,deflate

这是标题 (1):

GET /ekohshahrabohpha/ HTTP/1.1
Host 134.219.148.11:61166
Accept-Encoding gzip,deflate
User-Agent Mozilla/5.0(Macintosh; Intel Mac OS X ... )
Accept-Language en-us
Cache-Control max-age=0
Connection close

页面代码

<!DOCTYPE html>
<html lang="en">
  <head>
    <Meta charset="utf-8">
    <Meta name="viewport" content="width=device-width,initial-scale=1.0">
    <title>Level 2</title>
    <link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" rel="stylesheet">
    <link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-theme.min.css" rel="stylesheet">
    <link href="site.css" rel="stylesheet">
  </head>

<body>
  <div class="container">
    <div class="page-header">
      <h1>Level 2</h1>
      <p class="lead">
        <h2>Active Users</h2>
      </p>
    </div>


    <div id="userlist">
      <pre>Checking for users...</pre>
    </div>
  </div>
<script language="JavaScript">
var HTTP_Request = false;

  function getusers() {
    if (window.XMLHttpRequest) { // non IE
      HTTP_Request = new XMLHttpRequest();
    }
    else if (window.ActiveXObject) { //
      try {
        HTTP_Request = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (error) {}
    }
    if (!HTTP_Request) {
      alert('Cannot create XML HTTP instance');
      return false;
    }

    HTTP_Request.onreadystatechange = stateManager;
    var myurl = "cgi-bin/users.PHP";
    var f = document.getElementById("filter");
    if (f != null) {
      if (f.value != '') {
        myurl = myurl + "?filter=" +  f.value;
      }
    }
    HTTP_Request.open("GET",myurl,true);
    HTTP_Request.send(null);
  }

  function stateManager() {
    if (HTTP_Request.readyState == 4) {
      if (HTTP_Request.status == 200) {
        updatepage(HTTP_Request.responseText);
      } else {
        alert('There was a problem with the request.');
      }
    }
  }

  function updatepage(str) {
    document.getElementById("userlist").innerHTML = str;
  }

  setTimeout("getusers()",5000);
</script>
</body>
</html>

我尝试在 GET 请求 (2) 之后使用 bash 命令添加 ?filter= ,但它没有做任何事情。想知道我可以添加什么来破解页面

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

gethttp-headersjavascript