Can someone explain this log data? I want to analyze it

Question description  Votes: -1  Answers: 1

AAF_BurpSuit_withlogin

[Dec 12 15:16:52 osboxes aaf.alerts: Founddddd pattern,{.conf} in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80, ]

[Dec 12 15:16:52 osboxes aaf.alerts: Founddddd pattern,{/ web.config.bak} in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]

[Dec 12 15:16:52 osboxes aaf.alerts: Founddddd pattern,{.conf} in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80, ]

[Dec 12 15:16:52 osboxes aaf.alerts: Founddddd pattern,{/ web.config.bak} in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]

AAF_burpsuit

[[Dec 19 17:25:02 osboxes aaf.alerts:WAF / 1:SQL注入警报!! :找到的模式yXPt = 1916%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM %20information_schema.tables%20WHERE%202%3E1-%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20 ..%2F ..%2F ..%2Fetc%2Fpasswd%27%29 %23,[1576794302,HTTP,192.168.56.1,60728,192.168.56.10,80,]

[[Dec 19 17:25:02 osboxes aaf.alerts:WAF / 7/6:XSS / Directory Traversal Alert !!! :找到的模式yXPt = 1916%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM %20information_schema.tables%20WHERE%202%3E1-%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20 ..%2F ..%2F ..%2Fetc%2Fpasswd%27%29 %23,[1576794302,HTTP,192.168.56.1,60728,192.168.56.10,80,]

AAF_ZAP

[Dec 19 16:43:19 osboxes aaf.alerts:消息重复了12次:[Founddddd模式,{%2F ..%2F ..%2F ..%2F}}位于192.168.56.10/images/?C=。 。%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..% 2F ..%2F ..%2F ..%2Fetc%2Fpasswd [1576791799,HTTP,192.168.56.1,57067,192.168.56.10,80,]]

[Dec 19 16:43:19 osboxes aaf.alerts:Founddddd pattern,{%2F ..%2F ..%2F ..%2F}} in 192.168.56.10/images/?C=..%2F..% 2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F ..%2F .. 。%2F ..%2Fetc%2Fpasswd [1576791799,HTTP,192.168.56.1,57067,172.17.0.2,80,]

logging logstash analysis logfile
1 answer
0
votes

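BurpSuite (by PortSwigger) and ZAP (Zed Attack Proxy, by OWASP) are used as penetration testing tools. What are the logs? The operating system? What is your specific question? To me, it looks like directory traversal is being performed against the IPs listed here using BurpSuite and ZAP. The first block indicates that a webconfig backup file was found, and the second block indicates that the WAF (Web Application Firewall) detected a SQL injection vulnerability (or attack) against the passwd directory (this is a typical directory traversal attack). %2F is the URL encoding of the slash character "/". So the attacker formats their payload this way, so that when your back-end server fetches the code, the browser interprets it as a slash. In short, if you are running these tools yourself, you should understand what they do before pasting logs here, because sometimes they contain data that is sensitive to your organization and you may not recognize it. If these logs come from your own WAF or back-end server, then the above should help you.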
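For analyzing alerts like the ones quoted in the question, the following added example (not part of the original question or answer) parses each line, URL-decodes the matched pattern and URL, and attaches coarse triage labels. The sample lines are constructed from the format shown above, and the meaning of the trailing tuple (epoch, protocol, source IP and port, destination IP and port) is an assumption inferred from its values; the bounded repeat decoding is an added normalisation step.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample lines modelled on the alerts quoted in the question.
SAMPLES = [
    "[Dec 12 15:16:52 osboxes aaf.alerts: Founddddd pattern,{.conf} in "
    "192.168.56.10/passwords/web.config.bak "
    "[1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]",
    "[Dec 19 16:43:19 osboxes aaf.alerts: Founddddd pattern,{%2F..%2F..%2F} in "
    "192.168.56.10/images/?C=..%2F..%2F..%2Fetc%2Fpasswd "
    "[1576791799,HTTP,192.168.56.1,57067,172.17.0.2,80,]",
]

HEAD_RE = re.compile(r"^\[*\w{3}\s+\d+\s[\d:]+\s(?P<host>\S+)\s(?P<tag>[\w.]+):\s*")
# Assumed layout of the trailing tuple: epoch,proto,src_ip,src_port,dst_ip,dst_port
META_RE = re.compile(r"\[(\d{10}),([A-Z]+),([\d.]+),(\d+),([\d.]+),(\d+),\s*\]\]*$")

def decode_fully(value, max_rounds=3):
    """URL-decode a bounded number of times so double encoding is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(text):
    """Coarse triage labels; a starting point for review, not a verdict."""
    rules = [("directory-traversal", r"\.\./"),
             ("sql-injection", r"\bunion\b.+\bselect\b"),
             ("xss", r"<script\b"),
             ("sensitive-file", r"\.(bak|conf|config)\b")]
    return [name for name, rx in rules if re.search(rx, text, re.I)]

def parse_alert(line):
    line = line.strip()
    head, meta = HEAD_RE.match(line), META_RE.search(line)
    if not head or not meta:
        return None  # not an alert line in the expected shape
    epoch, proto, src_ip, src_port, dst_ip, dst_port = meta.groups()
    decoded = decode_fully(line[head.end():meta.start()].strip())
    return {"time_utc": datetime.fromtimestamp(int(epoch), tz=timezone.utc).isoformat(),
            "proto": proto, "src": f"{src_ip}:{src_port}", "dst": f"{dst_ip}:{dst_port}",
            "alert": decoded, "labels": classify(decoded)}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_alert(sample))
```

Grouping the parsed records by `src` and `labels` shows quickly whether the alerts come from a single scanning host, as they do in the quoted logs.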
