From 07ebed33bce324346e3e23f884a018c45145cd48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=9C=E6=96=B9=E6=9C=89=E9=B1=BC=E5=90=8D=E4=B8=BA?= =?UTF-8?q?=E5=92=B8?= Date: Tue, 15 Oct 2019 21:38:21 +0800 Subject: [PATCH] =?UTF-8?q?Update=20=E6=9E=84=E5=BB=BAASMX=E7=BB=95?= =?UTF-8?q?=E8=BF=87=E9=99=90=E5=88=B6WAF=E8=BE=BE=E5=88=B0=E5=91=BD?= =?UTF-8?q?=E4=BB=A4=E6=89=A7=E8=A1=8C.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 构建ASMX绕过限制WAF达到命令执行.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/构建ASMX绕过限制WAF达到命令执行.md b/构建ASMX绕过限制WAF达到命令执行.md index edfecf7..aade15a 100644 --- a/构建ASMX绕过限制WAF达到命令执行.md +++ b/构建ASMX绕过限制WAF达到命令执行.md @@ -2,14 +2,14 @@ > 近日,在遇到一个WAF,目标服务器配置如下: -> 1.ASP.NET -> 2.IIS -> 3.Windows -> 4.X WAF -> 5.不允许上传 ASP、ASPX、ASA、CER、.... -> 6.任意文件上传漏洞 -> 于是想到还有ASMX,构建SOAP接口,分享给大家以便留存 -> 另外,WAF还拦截“Process()”,于是在C#代码里,创建了一个子类继承Process父类,然后实例化: +> 1.ASP.NET +> 2.IIS +> 3.Windows +> 4.X WAF +> 5.不允许上传 ASP、ASPX、ASA、CER、.... +> 6.任意文件上传漏洞 +> 于是想到还有ASMX,构建SOAP接口,分享给大家以便留存 +> 另外,WAF还拦截“Process()”,于是在C#代码里,创建了一个子类继承Process父类,然后实例化: ![](img/process.png)