Website Security Dog (SafeDog) WebShell upload interception bypass: abnormal requests need to be handled
WebShell upload interception Bypass
Test environment: Windows2003 + IIS6 + ASP
SafeDog version:
Uploading an ASP file is intercepted.
The relevant part of the request is as follows:
------WebKitFormBoundaryWyGa1hk6vT9BZGRr
Content-Disposition: form-data; name="FileUploadName"; filename="test.asp"
Content-Type: application/octet-stream

<%response.write( bypass="" safedog="">
------WebKitFormBoundaryWyGa1hk6vT9BZGRr--
Because the web server is flexible in how it obtains parameters, I tried moving the filename="test.asp" that SafeDog intercepts to another location. After some tests, I found that when filename="test.asp" is on the Content-Type: application/octet-stream line or on the next line, SafeDog's upload interception becomes ineffective.
Solution:
Handle abnormal requests
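One way to treat such requests as abnormal is to validate each part's header block strictly and reject anything that deviates, instead of only inspecting the Content-Disposition line. The following is an added example, not code from the original page or from SafeDog; the function names, the reason strings, the boundary "B" and the body "x" are constructed for illustration.

```python
import re
# Headers expected inside a multipart/form-data part; anything else is abnormal.
ALLOWED = {"content-disposition", "content-type", "content-transfer-encoding"}
FILENAME = re.compile(r"\bfilename\*?\s*=", re.I)

def abnormal_part_headers(header_block):
    """Return reasons to reject one part's header block (empty list = normal)."""
    reasons, seen = [], set()
    for raw in header_block.decode("latin-1").split("\r\n"):
        if not raw:
            continue
        name = raw.partition(":")[0].strip().lower()
        if raw[0] in " \t" or ":" not in raw or name not in ALLOWED:
            reasons.append("malformed or unexpected header line")
        elif name in seen:
            reasons.append("duplicate " + name)
        else:
            seen.add(name)
        # filename is only meaningful as a Content-Disposition parameter.
        if name != "content-disposition" and FILENAME.search(raw):
            reasons.append("filename parameter outside Content-Disposition")
    if "content-disposition" not in seen:
        reasons.append("missing Content-Disposition")
    return reasons

def check_upload(body, boundary):
    """Collect findings for every part of a multipart/form-data body (bytes)."""
    delim = b"\r\n--" + boundary.encode("latin-1")
    findings = []
    for part in (b"\r\n" + body).split(delim)[1:]:
        if part.startswith(b"--"):  # closing delimiter reached
            break
        head = part[2:].partition(b"\r\n\r\n")[0]  # drop CRLF after the delimiter
        findings += abnormal_part_headers(head)
    return findings

# Constructed sample requests (boundary "B" and body "x" are placeholders).
CD = b'Content-Disposition: form-data; name="FileUploadName"'
CT = b"Content-Type: application/octet-stream"
FN = b'filename="test.asp"'
def _req(*headers):
    return b"--B\r\n" + b"\r\n".join(headers) + b"\r\n\r\nx\r\n--B--\r\n"
NORMAL = _req(CD + b"; " + FN, CT)
SAME_LINE = _req(CD, CT + b"; " + FN)  # filename on the Content-Type line
NEXT_LINE = _req(CD, CT, FN)           # filename on the line after Content-Type

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("same", SAME_LINE), ("next", NEXT_LINE)]:
        print(label, check_upload(req, "B"))
```

A request with any finding should be rejected outright, so that the filter and the web server never end up interpreting the same part differently.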