Attempt to bypass web environment keyword monitoring

Source: Internet
Author: User

By Tang Wuhu

Problem: In a win2003 + php environment, the server has something similar to the "first-class information monitoring system" installed, which intercepts some preset keywords. So when I run SQL queries and system commands in phpshell, I am told that I have no permission to access the file.

Solution considerations:

Solution 1: mysql-front phphttp proxy function

One of the company's technical engineers gave me this method. He explained that, starting with version 3.2, mysql-front ships a script that supports proxying.
Usage: there is a PHP file in the program directory. Upload it to the web directory of the compromised host; the local configuration is as follows:


After that, it is ready to use.
Test result: version 3.2 fails with a connection error. The newer version 4.0 connects successfully, but its functions are limited because it is the unregistered version, so it is not ideal to work with.

Solution 2: write a PHP script that hard-codes the words intercepted in queries, such as select and update.
This is easy to understand. The monitoring system only intercepts sensitive keywords in the form data submitted by the client. If the intercepted words are written into the script itself, they never appear in the form, and the monitoring is bypassed.

Result: Successful!
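An added example (not part of the original post) of what Solution 2 means for the defender: a monitor that inspects only form fields never sees statements whose keywords come from a script on the server, so the check has to run where the statement executes and compare it with a baseline of known statement shapes. The script paths, baseline and log records are constructed, and the keyword list beyond select and update is an assumption.

```python
import re
from urllib.parse import parse_qsl

# "select" and "update" are the words the page names; the others are assumed.
KEYWORDS = {"select", "update", "insert", "delete", "drop"}

# Constructed baseline: statement shapes each application script may issue.
BASELINE = {"/search.php": {"select id from items where name = ?"}}

def form_filter_blocks(raw_body):
    """Model of the page's monitor: look for keywords in decoded form fields only."""
    text = " ".join(n + " " + v for n, v in parse_qsl(raw_body, keep_blank_values=True))
    return any(w in KEYWORDS for w in re.findall(r"[a-z_]+", text.lower()))

def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing fold."""
    sql = re.sub(r"'(?:[^'\\]|\\.)*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return " ".join(sql.lower().split())

def triage(events):
    """Classify (script, raw_body, executed_sql) records joined from web and DB logs."""
    findings = []
    for script, body, sql in events:
        if form_filter_blocks(body):
            verdict = "blocked-at-form"
        elif sql and fingerprint(sql) not in BASELINE.get(script, set()):
            verdict = "unbaselined-query"
        else:
            verdict = "ok"
        findings.append((script, verdict))
    return findings

# Constructed records; executed_sql is None when the request never reached the DB.
EVENTS = [
    ("/shell.php", "q=select+*+from+users", None),
    ("/uploads/x.php", "op=1&t=users", "SELECT * FROM users"),
    ("/search.php", "term=shoes", "select id from items  where name = 'shoes'"),
    ("/search.php", "term=1", "update items set price = 0"),
]

if __name__ == "__main__":
    for script, verdict in triage(EVENTS):
        print(f"{script:16} {verdict}")
```

The second and fourth records pass the form filter but are flagged at the execution point: one comes from a script with no baseline at all, the other from a known script issuing a statement shape it has never used.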

Solution 3: capture the query statements that the PHP shell sends and that get intercepted, and rebuild them (replace, encode ...)
This is not a good solution.
