Bypass the web environment keyword monitoring attempt-vulnerability warning-the black bar safety net

ID MYHACK58:62200717953
Type myhack58
Reporter 佚名
Modified 2007-12-30T00:00:00


by Don not Fox

Problem: win2003+php environment, server installation similar to the“best information monitoring system,”The thing is, for some set of keywords for blocking. So I'm in phpshell, Execute sql queries and system command, you be prompted file does not have permission to access.

Solutions to consider:

  1. mysql-front. phphttp Agent function

The company's technical engineer provided me with this method. He says the mysql-front 3. 2 version offers a script that supports proxy. Method of use: in the program directory there is a php file. We upload it to the broiler to the web directory. The local configuration is as follows ! So ok. Test result: version 3.2 of the connection error. The new version 4. 0 can connect successfully, but due to the non-registered version, the function is limited. The operation is not ideal.

Scenario 2: self-write a php script to select,update,.... The like Is to intercept the query requires the term curing on the inside. This is well understood, where the monitoring system just to intercept the client form submission data in the sensitive keywords. We put these blocked words are written in script inside, do not let it appear in the form can be bypassed.

Results: success!

Scenario 3: capture phpshell query and the blocked statement, its re-transformation of that replace, the encoding...) This is currently not a good solution to the problem.