以下为常见的漏洞行为特征,部分特征来源于互联网。以下特征京策盾云加速可完美拦截,无需额外操作。
|
\.\./+\.\./
|
文件包含 | ||
|
(?:etc\/\W*passwd)
|
文件包含 | ||
|
(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
|
SSRF | ||
|
base64_decode\(
|
PHP代码拦截 | ||
|
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|showmodaldialog)\(
|
PHP代码执行 | ||
|
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
|
PHP代码执行 | ||
|
(invokefunction|call_user_func_array|\\think\\)
|
通用漏洞 | ||
|
^url_array\[.*\]$
|
通用漏洞 | ||
|
\${jndi:
|
JAVA代码执行 | ||
|
(@@version|load_file\(|NAME_CONST\(|exp\(\~|floor\(rand\(|geometrycollection\(|multipoint\(|polygon\(|multipolygon\(|linestring\(|multilinestring\(|right\()
|
SQL注入 | ||
|
(extractvalue\(|concat\(|user\(\)|substring\(|count\(\*\)|substring\(hex\(|updatexml\()
|
SQL注入 | ||
|
(EXISTS\(|SELECT\#|\(SELECT|select\()
|
SQL注入 | ||
|
(bin\(|ascii\(|benchmark\(|concat_ws\(|group_concat\(|strcmp\(|left\(|datadir\(|greatest\()
|
SQL注入 | ||
|
(?:from.+?information_schema.+?)
|
SQL注入 | ||
|
(?:(union(.*?)select\s+[A-Za-z0-9]+?))
|
SQL注入 | ||
|
(\(window\[)
|
XSS | ||
|
(window\[‘|globalThis\[|self\[|top\[|this\[|parent\[)
|
XSS | ||
|
(\\141\\154\\145\\162\\164|\\x61\\x6c\\x65\\x72\\x74|;alert|’alert’)
|
XSS | ||
|
(\\u\{0061\}\\u\{006c\}\\u\{0065\}\\u\{0072\}\\u\{0074\})
|
XSS | ||
|
{pbohome/Indexot:if
|
通用漏洞 | ||
|
{pboot:if(
|
通用漏洞 | ||
|
{pboot{user:
|
通用漏洞 |
京策盾高防CDN或者京策盾高防IP产品
京策盾高防CDN:https://www.jcdun.com/guoneigaofangcdn
京策盾高防IP:https://www.jcdun.com/guoneigaofangip
