80,81,82,8080,8081,8001,8008,8088,8089,8090,8800,8085,9060,9061,9062,9063,8090,7001,7002,7003,9001,9002,9003,9000,86,9080,8081,6060,7070,6001,8101,9090,8018,9060,8011,8028,8002,8443,443,1521,3306,1433,21,22,23,25,3389,4899,5800,5900,139,110,513,514,554,445,10000,10001,10002,7060,7080,7081,7071,7072,9091,9092,9080,5050,5051,5052,5080,9064,7007,9300,6002,8080,8081,8082,8443,2915,2916,8446,7080,5080,4080,6080,9005,5005,9001,7001,6001,5001,5988,6987,32817,32829,32828,32804,32826,9043,5335,32769,111,110,32794,32782,32791,32773,32779,9510,6181,6001,6181,6988,5989,3661,8182,8009,8099,8086,9008,9006,9065,9066,86,83,84,85,6002,6003,8094,9005,9090,9006,9002,9001,9003,9004,9510,8888,9610,9052,9183,6200,7500,7600,7756,1920,90,873,1919,3361,9070,8070,7080,7090,6090,6080,8060,8000,8321,5011,5012,5013,5001,5002,5003,6001,6002,6003,8002,8003,8001,9001,9002,9003,9060,9070,9080,9010,9050,9495,9027,9023,9030,9016,9017,9090,8543,7001,7002,7003,7004,7005,7006,7007,7008,7009,1920,9876,9994,9995,9996,9997,9998,9999,7182,7185,9000,50075,8480,8042,25000,25010,25020,50070,8091,8084,9045,8086,8087,7180,8445,8444,47001,7705,7706,9081,8446,8447,7777,2915,2916,8083,873,1920,38334,39325,53260,58215,53849,48758,46097,51267,53849,39262,44963,48758,56471,47001...1) 路径,有的时候,直接以“协议+ip+端口”方式访问时候,是404等错误,但是我们需要尝试加一些路径【常见路径见2.2】,中间件与应用的常见路径如下:
A:直接访问是404错误,但是泄露了这个是东方通...再入以下resin的文件读取漏洞为例:
A:直接访问是404错误
?
B:加上resin-doc路径,发现路径存在:
?
C:访问resin的任意文件读取漏洞的URL
?