验证Web服务器中的路径遍历漏洞 [英] Verify path traversal vulnerability in web server
问题描述
我想验证我的Web应用程序没有路径遍历漏洞.
I want to verify that my web application does not have a path traversal vulnerability.
我正试图为此使用curl
,
$ curl -v http://www.example.com/directory/../
我希望对/directory/../
URL显式发出HTTP请求,以测试涉及代理的特定nginx规则不易受到路径遍历的影响.即,我希望发送此HTTP请求:
I would like the HTTP request to be explicitly made to the /directory/../
URL, to test that a specific nginx rule involving proxy is not vulnerable to path traversal. I.e., I would like this HTTP request to be sent:
> GET /directory/../ HTTP/1.1
但是curl
正在重写有关/
URL的请求,如输出所示:
But curl
is rewriting the request as to the /
URL, as can be seen in the output:
* Rebuilt URL to: http://www.example.com/
(...)
> GET / HTTP/1.1
是否可以使用curl
进行此测试,强制其在请求中传递确切的URL?如果没有,什么合适的方法呢?
Is it possible to use curl
for this test, forcing it to pass the exact URL in the request? If not, what would be an appropriate way?
推荐答案
您要查找的curl标志是curl --path-as-is
.
The curl flag you are looking for is curl --path-as-is
.
这篇关于验证Web服务器中的路径遍历漏洞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!