Website security dog (WAF) file upload is restricted to the vulnerability protection sub module under the website protection module
The file types appearing in the above list will be blocked by WAF when uploading, but not all file types are added with detection rules by default, such as picture files (. JPG). Because it involves the operation of users uploading files, when testing truncation, you can manually add the file types to be restricted to the detection mechanism
After setting, image upload will be restricted by WAF
Visit the vulnerability platform Pikachu, select the file upload function, and enable the burpsiute agent to construct statements to bypass the WAF detection mechanism
Select a local picture
After the upload operation, it is intercepted by the security dog
Modify the suffix (. PHP) in BP and intercept it in the browser
1. Equal sign bypass
We modified the pattern of the equal sign. The third order and the first order are logically the same, so we successfully bypassed it
2. Line feed bypass
Wrap the file name suffix
Debugging in the repeater shows that the file is uploaded successfully and bypassed successfully
3. Garbage character filling bypass
The principle of successful bypass and garbage character filling is that the filled character length exceeds the character length detected by WAF, so it can be bypassed successfully. The default detection URL length of the security dog is 2048 bytes
