В общем, есть вопрос. Хотелось бы скулю раскрутить, на сайте есть ваф, код его прилагаю ниже. Получится ли? Алсо, могу спокойно лазить по файловой системе и смотреть исходники. Хотя все еще нахожусь в процессе раскрытия полных путей.
' Check_Request: keyword-based request filter for a classic ASP page.
' In the visible code it walks Request.QueryString and then Request.Form, looks for
' SQL-looking substrings in each value, records a numeric reason code in ErrParity,
' and on a hit writes the request to a log file and ends the response.
' NOTE(review): a substring denylist like this is brittle and prone to false positives,
' and it does not make the page's SQL statements safe. The durable fix is parameterized
' queries (ADODB.Command parameters) and a least-privilege database account; a filter
' of this kind is at best a secondary detection/logging layer.
Sub Check_Request()
' Commented-out debug output (the Korean string literal means "function executed").
'Response.Write "alert(""함수실행"");" & vbCRLF
' ErrParity stays Empty unless one of the rules matches; the other locals support logging.
Dim LWItem, strlogfilename, HLogfso, FormData, ErrParity, HLogGetFile, errURL
' Hard-coded page the browser is sent to after a blocked request.
errURL = "http://www.govonline.cn/"
' Pass 1: inspect every query-string parameter. The first rule that matches sets
' ErrParity (codes 1-4, 92, 93 identify the rule) and leaves the loop.
' All comparisons are InStr substring tests on the lower-cased value, so ordinary text
' that merely contains one of the tokens is treated the same as a SQL fragment.
For each LWItem in Request.QueryString
' Commented-out debug line; it appears to have been split in two when the page was
' extracted, so the lone  ")  on the next line looks like the tail of this comment.
' response.write (LWItem & ":" & Reuqest.QueryString(LWItem) & "
")
' Empty values are skipped.
if Request(LWItem) <> empty then
' Code 1: ("select" or "delete") together with "from".
if (inStr(lcase(Request(LWItem)), "select") > 0 or inStr(lcase(Request(LWItem)), "delete") > 0) and inStr(lcase(Request(LWItem)), "from") > 0 then
ErrParity = 1
exit for
end if
' Code 2: "update" together with "set".
if inStr(lcase(Request(LWItem)), "update") > 0 and inStr(lcase(Request(LWItem)), "set") > 0 then
ErrParity = 2
exit for
end if
' Code 3: "insert" together with "into".
if inStr(lcase(Request(LWItem)), "insert") > 0 and inStr(lcase(Request(LWItem)), "into") > 0 then
ErrParity = 3
exit for
end if
' Code 4: a semicolon together with "exec", "sp_" or "xp_".
if inStr(lcase(Request(LWItem)), ";") > 0 and (inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "sp_") > 0 or inStr(lcase(Request(LWItem)), "xp_") > 0) then
ErrParity = 4
exit for
end if
' Disabled rule (code 91): punctuation-only check, left commented out by the author.
'if inStr(lcase(Request(LWItem)), ";") > 0 or inStr(lcase(Request(LWItem)), "--") > 0 or inStr(lcase(Request(LWItem)), "/") > 0 or inStr(lcase(Request(LWItem)), "*") > 0 or inStr(lcase(Request(LWItem)), "=") > 0 then
' ErrParity = 91
' exit for
'end if
' Code 92: any of the listed function-call tokens ("count(", "asc(", "mid(", ...).
if inStr(lcase(Request(LWItem)), "count(") > 0 or inStr(lcase(Request(LWItem)), "asc(") > 0 or inStr(lcase(Request(LWItem)), "mid(") > 0 or inStr(lcase(Request(LWItem)), "char(") > 0 or inStr(lcase(Request(LWItem)), "cast(") > 0 or inStr(lcase(Request(LWItem)), "replace(") > 0 then
ErrParity = 92
exit for
end if
' Code 93: any single keyword from the list. Because these are substring matches,
' words such as "create", "kill" or "drop" inside legitimate text also trigger a block.
' NOTE(review): "netlocalgroupadministratThens" looks like a search-and-replace artefact;
' it contains an uppercase "T" while the value is lower-cased, so with VBScript's default
' binary InStr comparison this term can never match.
if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "0x") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 then
ErrParity = 93
exit for
end if
end if
Next
' Pass 2: inspect every posted form field with the same rule set (codes 11-14, 95, 96).
' NOTE(review): this loop runs even when pass 1 already set ErrParity, so a later form
' match overwrites the earlier code.
' NOTE(review): values are read with the generic Request(LWItem) lookup; reading
' Request.Form(LWItem) would make it explicit that the form field is the value inspected.
For each LWItem in Request.Form
' Commented-out debug line; it appears to have been split in two when the page was
' extracted, so the lone  ")  on the next line looks like the tail of this comment.
' response.write (LWItem & ":" & Reuqest.QueryString(LWItem) & "
")
' Accumulate every field as "&name=value" for the log entry written on a block.
' NOTE(review): this captures all submitted fields verbatim, including any passwords
' or other secrets, and they reach the log file unredacted.
FormData = FormData & "&" & lwItem & "=" & Request(LWItem)
' Empty values are skipped.
if Request(LWItem) <> empty then
' Code 11: ("select" or "delete") together with "from".
if (inStr(lcase(Request(LWItem)), "select") > 0 or inStr(lcase(Request(LWItem)), "delete") > 0) and inStr(lcase(Request(LWItem)), "from") > 0 then
ErrParity = 11
exit for
end if
' Code 12: "update" together with "set".
if inStr(lcase(Request(LWItem)), "update") > 0 and inStr(lcase(Request(LWItem)), "set") > 0 then
ErrParity = 12
exit for
end if
' Code 13: "insert" together with "into".
if inStr(lcase(Request(LWItem)), "insert") > 0 and inStr(lcase(Request(LWItem)), "into") > 0 then
ErrParity = 13
exit for
end if
' Code 14: a semicolon together with "exec", "sp_" or "xp_".
if inStr(lcase(Request(LWItem)), ";") > 0 and (inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "sp_") > 0 or inStr(lcase(Request(LWItem)), "xp_") > 0) then
ErrParity = 14
exit for
end if
' Disabled rule (code 94): punctuation-only check, left commented out by the author.
'if inStr(lcase(Request(LWItem)), ";") > 0 or inStr(lcase(Request(LWItem)), "--") > 0 or inStr(lcase(Request(LWItem)), "/") > 0 or inStr(lcase(Request(LWItem)), "*") > 0 or inStr(lcase(Request(LWItem)), "=") > 0 then
' ErrParity = 94
' exit for
'end if
' Code 95: any of the listed function-call tokens ("count(", "asc(", "mid(", ...).
if inStr(lcase(Request(LWItem)), "count(") > 0 or inStr(lcase(Request(LWItem)), "asc(") > 0 or inStr(lcase(Request(LWItem)), "mid(") > 0 or inStr(lcase(Request(LWItem)), "char(") > 0 or inStr(lcase(Request(LWItem)), "cast(") > 0 or inStr(lcase(Request(LWItem)), "replace(") > 0 then
ErrParity = 95
exit for
end if
' Code 96: single-keyword list. The commented-out line directly below is the earlier
' version of this rule; the active line is the same list without the "0x" term.
' Substring matching means ordinary words containing "create", "kill", "drop" etc. are
' blocked as well, which is a likely source of false positives on free-text form fields.
'if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "0x") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 Then
if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 then
ErrParity = 96
exit for
end if
end if
Next
' Set UpForm = Nothing
' Set UpForm = Server.CreateObject("DEXT.FileUpload")
'
' UpForm.UploadTimeOut = 3600
' UpForm.DefaultPath = "d:\injection\" 'Server.MapPath("/")
' UpForm.MaxFileLen = 10485760
'
' On Error Resume Next
'
' nUpFormFormCount = UpForm.Form.Count
' if Err then '에러체크
' Set UpForm = Nothing
' else
' For each LWItem in UpForm.Form
' if LWItem <> empty then
' if (inStr(lcase(LWItem), "select") > 0 or inStr(lcase(LWItem), "delete") > 0) and inStr(lcase(LWItem), "from") > 0 then
' ErrParity = 21
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' if inStr(lcase(LWItem), "update") > 0 and inStr(lcase(LWItem), "set") > 0 then
' ErrParity = 22
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' if inStr(lcase(LWItem), "insert") > 0 and inStr(lcase(LWItem), "into") > 0 then
' ErrParity = 23
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' if inStr(lcase(LWItem), ";") > 0 and (inStr(lcase(LWItem), "exec") > 0 or inStr(lcase(LWItem), "sp_") > 0 or inStr(lcase(LWItem), "xp_") > 0) then
' ErrParity = 24
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' 'if inStr(lcase(LWItem), ";") > 0 or inStr(lcase(LWItem), "--") > 0 or inStr(lcase(LWItem), "/") > 0 or inStr(lcase(LWItem), "*") > 0 or inStr(lcase(LWItem), "=") > 0 then
' ' ErrParity = 97
' ' FormData = LWItem
' ' Set UpForm = Nothing
' ' exit for
' 'end if
' if inStr(lcase(LWItem), "count(") > 0 or inStr(lcase(LWItem), "asc(") > 0 or inStr(lcase(LWItem), "mid(") > 0 or inStr(lcase(LWItem), "char(") > 0 or inStr(lcase(LWItem), "cast(") > 0 or inStr(lcase(LWItem), "replace(") > 0 then
' ErrParity = 98
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' if inStr(lcase(LWItem), "exec") > 0 or inStr(lcase(LWItem), "declare") > 0 or inStr(lcase(LWItem), "0x") > 0 or inStr(lcase(LWItem), "drop") > 0 or inStr(lcase(LWItem), "truncate") > 0 or inStr(lcase(LWItem), "cmdshell") > 0 or inStr(lcase(LWItem), "execmaster") > 0 or inStr(lcase(LWItem), "netlocalgroupadministratThens") > 0 or inStr(lcase(LWItem), "netuser") > 0 or inStr(lcase(LWItem), "create") > 0 or inStr(lcase(LWItem), "shutdown") > 0 or inStr(lcase(LWItem), "kill") > 0 or inStr(lcase(LWItem), "xmp") > 0 then
' ErrParity = 99
' FormData = LWItem
' Set UpForm = Nothing
' exit for
' end if
' end if
' Next
' end if
' A rule matched (ErrParity >= 1): append the request details to a per-day log file,
' send the client a message plus redirect, and stop processing the page.
if ErrParity >= 1 then
' Earlier variant that logged under the web root, left commented out.
' strlogfilename = server.mappath("\") & "\ReqData_0" & Month(now) & Day(now) & ".txt"
' Log file lives in a fixed directory. Month and Day are not zero-padded and the year
' is omitted, so distinct dates can share one file name (1/11 and 11/1 both yield
' ReqData_0111.txt) - worth fixing if these logs are used for incident timelines.
strlogfilename = "d:\injection" & "\ReqData_0" & Month(now) & Day(now) & ".txt"
' response.write(strlogfilename)
Set HLogfso = Server.CreateObject("Scripting.FileSystemObject")
' Mode 8 is ForAppending and the third argument (true) creates the file when missing;
' the else branch creates it explicitly with overwrite enabled.
if HLogfso.fileexists(strlogfilename) then
set HLoggetfile = HLogfso.opentextfile(strlogfilename, 8, true)
else
set HLoggetfile = HLogfso.createtextfile(strlogfilename, true)
end if
' Record: host, [rule code] timestamp client address, requested URL, cookie header,
' then either the raw query string or the collected form data.
' NOTE(review): HTTP_COOKIE and FormData are written verbatim, so session identifiers
' and any submitted credentials are stored in plaintext; restrict access to the log
' directory or redact these fields. Request-derived values are also written unescaped,
' so embedded line breaks could presumably split a record - encode CR/LF before logging.
HLoggetfile.writeline "SITE Url : " & request.servervariables("HTTP_HOST")
HLoggetfile.writeline "[" & ErrParity & "]" & now() & " " & Request.Servervariables("REMOTE_ADDR")
HLoggetfile.writeline "URL:" & Request.Servervariables("URL")
HLoggetfile.writeline "Cookie:" & request.ServerVariables("HTTP_COOKIE")
' FormData is non-empty whenever any form field was posted, so the query string is
' logged only for requests without form fields.
if FormData = empty then
HLoggetfile.writeline "Query:" & request.ServerVariables("QUERY_STRING") & vbCRLF
else
HLoggetfile.writeline "Form:" & FormData & vbCRLF
end if
HLoggetfile.close
' Client-side response: an alert (Korean, roughly "You entered inappropriate wording.
' That's bad!") followed by a top-level redirect to errURL.
' NOTE(review): as shown, no <script> wrapper is emitted; the tags were probably lost
' when the page was extracted - confirm against the original file.
Response.Write "alert(""적절하지 않은 문구를 넣으셨군요. 나빠요~!! ^ㅡ,.ㅡ^""); window.top.location = """ & errURL & """;" & vbCRLF
' Alternative that closed the window instead of redirecting, left commented out.
'Response.Write "alert(""적절하지 않은 문구를 넣으셨군요. 나빠요~!! ^ㅡ,.ㅡ^""); window.top.close();" & vbCRLF
' End the response here so nothing after this filter runs for a blocked request.
response.End
end if
' if ErrParity >= 1 and ErrParity