By Tang Wuhu
Http://blog.wang1.cn
Problem: In the win2003 + php environment, the server installs something similar to the "first-class information monitoring system" to intercept some preset keywords. So when I run SQL queries and system commands in phpshell, I am prompted that the file has no access permission.
Solution considerations:
1. mysql-front phphttp proxy Function
The company's technical engineers provided me with this method. He introduced that mysql-front began to provide a script in version 3.2 to support proxy.
Usage: There is a PHP file in the program directory. We upload it to the zombie web directory. The local configuration is as follows:
In this case, OK.
The test result is: 3.2 connection error. The new version 4.0 can be connected successfully, but its functions are limited due to its non-registration version. The operation is not ideal.
Solution 2: Write a php script to fix the words in the intercepted queries such as select, update.
This is easy to understand. Here, the monitoring system only intercepts sensitive keywords in the client form submission data. We can write these intercepted words in the script so that they cannot appear in the form and can be bypassed.
Result: Successful!
Solution 3: capture the PHP shell to query and intercept the statement, and rebuild it (replace, encode ...)
This is not a good solution.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
