Safedog file upload bypass

Time: 2022-5-5

In Website Safedog (WAF), file upload restriction is configured in the vulnerability protection sub-module under the website protection module.

File types in the restricted list are blocked by the WAF on upload, but not every file type has a detection rule by default; picture files (.jpg), for example, do not, because uploading them is an ordinary user operation. When testing truncation, you can manually add the file types to be restricted to the detection mechanism.

Once this is set, image uploads are restricted by the WAF.

Visit the Pikachu vulnerability platform, select the file upload function, and enable the Burp Suite proxy so that requests can be constructed to bypass the WAF detection mechanism.

Select a local picture.

After the upload operation, the request is intercepted by Safedog.

Modify the suffix (.php) in Burp Suite (BP); the request is intercepted, as seen in the browser.

1. Equal sign bypass

We changed the form of the equal sign. The triple equal sign and the single equal sign are logically the same, so the bypass succeeded.

2. Line feed bypass

Insert a line break in the file name suffix.

Testing in Repeater shows that the file is uploaded successfully and the WAF is bypassed.

3. Garbage character filling bypass

Garbage character filling works because the length of the filled characters exceeds the length that the WAF inspects, so the request passes. The default detection URL length of Safedog is 2048 bytes.
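All three bypasses rely on the WAF and the backend reading the same upload header differently, so the upload handler should apply its own strict check instead of depending on the WAF. The following is an added example, not code from the original post or from Safedog: it accepts only a canonical Content-Disposition value and fails closed on everything else. The function names, the `uploadfile` field name, the extension allowlist and the reuse of 2048 as a size cap are assumptions made for the example.

```python
import re

MAX_HEADER_LEN = 2048  # assumed cap, borrowed from the 2048-byte figure above
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}  # assumed allowlist for an image upload

# Only the canonical form is accepted: form-data; name="field"; filename="base.ext"
STRICT = re.compile(
    r'form-data; name="[A-Za-z0-9_-]{1,64}"; '
    r'filename="([A-Za-z0-9_-]{1,100})\.([A-Za-z0-9]{1,10})"'
)

def check_content_disposition(value):
    """Return a list of findings; an empty list means canonical and allowed."""
    findings = []
    if len(value.encode("utf-8", "replace")) > MAX_HEADER_LEN:
        findings.append("oversized")          # padding past an inspection limit
    if re.search(r"[\x00-\x1f\x7f]", value):
        findings.append("control-char")       # CR/LF or other control bytes
    if re.search(r"filename\s*=\s*=", value, re.IGNORECASE):
        findings.append("repeated-equals")    # more than one '=' after filename
    match = STRICT.fullmatch(value)
    if match is None:
        findings.append("non-canonical")      # fail closed on anything unusual
    elif match.group(2).lower() not in ALLOWED_EXT:
        findings.append("extension-not-allowed")
    return findings

# Constructed sample header values (not captured traffic).
SAMPLES = {
    "plain image": 'form-data; name="uploadfile"; filename="cat.jpg"',
    "php suffix": 'form-data; name="uploadfile"; filename="cat.php"',
    "extra equals": 'form-data; name="uploadfile"; filename==="cat.php"',
    "line feed": 'form-data; name="uploadfile"; filename="cat.p\nhp"',
    "padded": 'form-data; name="uploadfile"; filename="' + "a" * 3000 + '.jpg"',
}

def scan(samples):
    """Map each sample label to its findings."""
    return {label: check_content_disposition(v) for label, v in samples.items()}

if __name__ == "__main__":
    for label, findings in scan(SAMPLES).items():
        verdict = "ALLOW" if not findings else "BLOCK " + ",".join(findings)
        print(f"{label:13} -> {verdict}")
```

The same allowlist should also be applied to the file name the application actually stores, since that parsed value is what the server finally uses.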