Web常用的绝对路径收集

常用的绝对路径收集

欢迎进群交流: 363034250

Linux

绝对路径	描述
/etc/httpd/conf/httpd.conf	查看linux apache虚拟主机配置文件
/usr/local/apche/conf/httpd.conf	查看linux apache虚拟主机配置文件
/usr/local/resin/conf/resin.conf	查看linux系统配置的JSP虚拟主机
/usr/local/resin-3.0.22/conf/resin.conf	针对3.0.22的RESIN配置文件查看
/usr/local/resin-pro-3.0.22/conf/resin.conf	针对3.0.22的RESIN配置文件查看
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf	apache虚拟主机配置
/etc/sysconfig/iptables	查看防火墙策略
/usr/local/app/php5/lib/php.ini	php相关配置
/etc/redhat-release	红帽子的系统版本
/etc/sysconfig/network-scripts/ifcfg-eth0	查看IP

Windows

绝对路径	描述
c:/Program Files/Apache Group/Apacheconf/httpd.conf	查看WINDOWS系统apache文件
C:/apacheconf/httpd.conf	查看WINDOWS系统apache文件
c:/Resin-3.0.14/conf/resin.conf	查看jsp开发的网站 resin文件配置信息
c:/Resin/conf/resin.conf	查看jsp开发的网站 resin文件配置信息
d:/APACHE/Apache2/conf/httpd.conf	查看WINDOWS系统apache文件
C:/Program Files/mysql/my.ini	mysql配置文件
c:/windows/system32/inetsrv/MetaBase.xml	查看IIS的虚拟主机配置文件
C:/mysql/data/mysql/user.MYD	mysql的用户密码
C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere*.cif	存储了pcAnywhere的登陆密码
c:/boot.ini	查看系统版本

以下是常见CMS的绝对路径

DeDeCms

/member/templets/menulit.php
/plus/paycenter/alipay/return_url.php
/plus/paycenter/cbpayment/autoreceive.php
/paycenter/nps/config_pay_nps.php
/plus/task/dede-maketimehtml.php
/plus/task/dede-optimize-table.php
/plus/task/dede-upcache.php

WordPress

/wp-admin/includes/file.php
/wp-content/themes/baiaogu-seo/footer.php

Ecshop

/api/cron.php
/wap/goods.php
/temp/compiled/ur_here.lbi.php
/temp/compiled/pages.lbi.php
/temp/compiled/user_transaction.dwt.php
/temp/compiled/history.lbi.php
/temp/compiled/page_footer.lbi.php
/temp/compiled/goods.dwt.php
/temp/compiled/user_clips.dwt.php
/temp/compiled/goods_article.lbi.php
/temp/compiled/comments_list.lbi.php
/temp/compiled/recommend_promotion.lbi.php
/temp/compiled/search.dwt.php
/temp/compiled/category_tree.lbi.php
/temp/compiled/user_passport.dwt.php
/temp/compiled/promotion_info.lbi.php
/temp/compiled/user_menu.lbi.php
/temp/compiled/message.dwt.php
/temp/compiled/admin/pagefooter.htm.php
/temp/compiled/admin/page.htm.php
/temp/compiled/admin/start.htm.php
/temp/compiled/admin/goods_search.htm.php
/temp/compiled/admin/index.htm.php
/temp/compiled/admin/order_list.htm.php
/temp/compiled/admin/menu.htm.php
/temp/compiled/admin/login.htm.php
/temp/compiled/admin/message.htm.php
/temp/compiled/admin/goods_list.htm.php
/temp/compiled/admin/pageheader.htm.php
/temp/compiled/admin/top.htm.php
/temp/compiled/top10.lbi.php
/temp/compiled/member_info.lbi.php
/temp/compiled/bought_goods.lbi.php
/temp/compiled/goods_related.lbi.php
/temp/compiled/page_header.lbi.php
/temp/compiled/goods_script.html.php
/temp/compiled/index.dwt.php
/temp/compiled/goods_fittings.lbi.php
/temp/compiled/myship.dwt.php
/temp/compiled/brands.lbi.php
/temp/compiled/help.lbi.php
/temp/compiled/goods_gallery.lbi.php
/temp/compiled/comments.lbi.php
/temp/compiled/myship.lbi.php
/includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
/includes/modules/cron/auto_manage.php
/includes/modules/cron/ipdel.php

通过访问这些路径,可以获得绝对路径:

图1 – 获取到绝对路径

Ucenter

/ucenter/control/admin/db.php

DZbbs

/manyou/admincp.php?my_suffix=%0A%0DTOBY57

Z-blog

/admin/FCKeditor/editor/dialog/fck%5Fspellerpages/spellerpages/server%2Dscripts/spellchecker.php

Php168

/admin/inc/hack/count.php?job=list

/admin/inc/hack/search.php?job=getcode

/admin/inc/ajax/bencandy.php?job=do

/cache/MysqlTime.txt

/PHPcms2008-sp4

CMSeasy

/lib/mods/celive/menu_top.php
/lib/default/ballot_act.php
/lib/default/special_act.php

参考链接

https://www.exehack.net/5155.html