Blog

(3)删除输入中的引号;

(4)对输入进行URL解码;

(5)如果任何输入项被删除,返回步骤(1)。

能避开上述确认机制,让以下数据通过确认吗?

在书中给出的网站上找到了答案:

Yes. If it were not for Step 4, this mechanism would be robust in terms of filtering the specific items it is designed to block. However, because your input is decoded after the filtering steps have been performed, you can simply URL-encode selected characters in your payload to evade the filter:

If Step 4 were performed first (or even not at all) then this bypass would not be possible.

开始我理解错了题意,以为那些条件是要同时满足的,结果想半天也想不出来。如果把 STEP 4放在 STEP 1 的位置,你就会跟我一样纠结了。实际上这题不是很难,关键是理解题意。不认真看题也是在日常学习中老犯的毛病,呵呵。