Use multipart/form-data to bypass waf
The LuManager high-risk SQL injection 0-day analysis mentions the use of payload as follows:
Attackers can see that the multipart/form-data format is used to send payload. For applications, the data obtained using application/x-www-form-urlencoded is the same. For the differences between multipart/form-data and application/x-www-form-urlencode, see stackoverflow.
Github.
Generally, multipart/form-data is used for file uploading, and x-www-form-urlencoded is used for passing common parameters. File Upload contains a large amount of binary data, which is composed of Non-character numbers. If urlencode is used, all data must be url encoded. This expands the amount of data to be transmitted.
There are also many discussions about using multipart/form-data to bypass waf. Multipart/form-data PHP and Java common WAF bypass methods, one of the defects of 360 webtreasure/quickshield/jiasule and other similar products.
The reason why waf can be bypassed is that multipart/form-data is usually used to transmit binary data. If waf has an impact on the possibility of parsing large files. Therefore, when writing a scanner, if you use form-data to send payload, you may be pleasantly surprised. Refer to the st2 command execution on a Baidu site (unique execution posture)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
