遇到apache里面加载了安全插件,具体配置如下: <IfModule mod_security.c> SecFilterEngine DynamicOnly
SecFilterScanPOST On SecFilter "select.+from" SecFilter "insert" SecFilter "update.+set" SecFilter "delete.+from" SecFilter "union" SecFilter "select.+\n" SecFilter "update.+\n" SecFilter "delete.+\n" SecFilterSelective ARGS_VALUES "^http:/" SecFilterSelective ARGS_NAMES "^php:/" SecFilterSelective ARGS "or.+1[[:space:]]*=[[:space:]]1" SecFilterSelective ARGS "or 1=1--'" SecFilterSelective ARGS "'.+--" SecFilterSelective ARGS "into[[:space:]]+outfile" SecFilterSelective ARGS "load[[:space:]]+data SecFilterSelective ARGS "/\*.+\*/" SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*exec" SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*cmd" SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*echo" SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*include" SecFilterSelective ARGS "<!--[[:space:]]*#[[:space:]]*printenv" SecFilterDefaultAction "deny,log,status:400" SecAuditEngine RelevantOnly SecAuditLog logs/audit_log </IfModule> 请教有什么好的办法绕过? 我想到是利用get形式提交数据
-- 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [email protected]
