二次
url
%25%34%37%25%34%35%25%35%34%25%32%30%25%32%66%25%36%37%25%36%35%25%37%34%25%32%6
5%25%37%30%25%36%38%25%37%30%25%33%66%25%36%31%25%33%64%25%33%31%25%33%32%25%33%
33%25%33%34%25%33%34%25%33%34%25%33%35%25%33%35%25%33%35%25%33%35%25%33%35%25%33
%35%25%33%35%25%33%35%25%33%35%25%33%35%25%33%35%25%33%35%25%33%35%25%32%30%25%3
4%38%25%35%34%25%35%34%25%35%30%25%32%66%25%33%31%25%32%65%25%33%31%25%30%64%25%
30%61%25%34%38%25%36%66%25%37%33%25%37%34%25%33%61%25%32%30%25%33%31%25%33%39%25
%33%32%25%32%65%25%33%31%25%33%36%25%33%38%25%32%65%25%33%31%25%33%30%25%32%65%2
5%33%31%25%33%32%25%33%38%25%30%64%25%30%61
一次
url
%47%45%54%20%2f%67%65%74%2e%70%68%70%3f%61%3d%31%32%33%34%34%34%35%35%35%35%35%3
5%35%35%35%35%35%35%35%20%48%54%54%50%2f%31%2e%31%0d%0a%48%6f%73%74%3a%20%31%39%
32%2e%31%36%38%2e%31%30%2e%31%32%38%0d%0a
原始数据
GET /get.php
?a
=
1234445555555555555
HTTP/1.1
Host:
192
.168.10.128
第一层
url
会在漏洞服务端解析,第二层
url
则在内网的
web
服务器中解析