Safe dog file upload bypass


Website security dog (WAF) file upload is restricted to the vulnerability protection sub module under the website protection module


The file types appearing in the above list will be blocked by WAF when uploading, but not all file types are added with detection rules by default, such as picture files (. JPG). Because it involves the operation of users uploading files, when testing truncation, you can manually add the file types to be restricted to the detection mechanism


After setting, image upload will be restricted by WAF

Visit the vulnerability platform Pikachu, select the file upload function, and enable the burpsiute agent to construct statements to bypass the WAF detection mechanism


Select a local picture



After the upload operation, it is intercepted by the security dog

Modify the suffix (. PHP) in BP and intercept it in the browser

1. Equal sign bypass


We modified the pattern of the equal sign. The third order and the first order are logically the same, so we successfully bypassed it

2. Line feed bypass

Wrap the file name suffix


Debugging in the repeater shows that the file is uploaded successfully and bypassed successfully

3. Garbage character filling bypass



The principle of successful bypass and garbage character filling is that the filled character length exceeds the character length detected by WAF, so it can be bypassed successfully. The default detection URL length of the security dog is 2048 bytes