一、信息收集打开靶场,发现页面源码。if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; } if(!isset($_GET['host'])) { highlight_file(__FILE__); } else { $host = $_GET['host']; echo $host."<br />"; $host = escapeshellarg($host); echo $host."<br />"; $host = escapeshellcmd($host); echo $host."<br />"; $sandbox = md5("glzjin". $_SERVER['REMOTE_ADDR']); echo 'you ar
Equinox
一个乐于分享的网安人