Пробиться через WAF

В общем, есть вопрос. Хотелось бы скулю раскрутить, на сайте есть ваф, код его прилагаю ниже. Получится ли? Алсо, могу спокойно лазить по файловой системе и смотреть исходники. Хотя все еще нахожусь в процессе раскрытия полных путей.

Spoiler: WAF

Code:

Sub Check_Request()

    'Response.Write "<script language=""javascript"">alert(""함수실행"");</script>" & vbCRLF
    
    Dim LWItem, strlogfilename, HLogfso, FormData, ErrParity, HLogGetFile, errURL
    errURL = "http://www.govonline.cn/"
    
    For each LWItem in Request.QueryString
'        response.write (LWItem & ":" & Reuqest.QueryString(LWItem) & "<BR>")
        if Request(LWItem) <> empty then
            if (inStr(lcase(Request(LWItem)), "select") > 0 or inStr(lcase(Request(LWItem)), "delete") > 0) and inStr(lcase(Request(LWItem)), "from") > 0 then
                ErrParity = 1
                exit for
            end if
            if inStr(lcase(Request(LWItem)), "update") > 0 and inStr(lcase(Request(LWItem)), "set") > 0 then
                ErrParity = 2
                exit for
            end if
            if inStr(lcase(Request(LWItem)), "insert") > 0 and inStr(lcase(Request(LWItem)), "into") > 0 then
                ErrParity = 3
                exit for
            end if
            if inStr(lcase(Request(LWItem)), ";") > 0 and (inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "sp_") > 0 or inStr(lcase(Request(LWItem)), "xp_") > 0) then
                ErrParity = 4
                exit for
            end if
            'if inStr(lcase(Request(LWItem)), ";") > 0 or inStr(lcase(Request(LWItem)), "--") > 0 or inStr(lcase(Request(LWItem)), "/") > 0 or inStr(lcase(Request(LWItem)), "*") > 0 or inStr(lcase(Request(LWItem)), "=") > 0 then
            '    ErrParity = 91
            '    exit for
            'end if
            if inStr(lcase(Request(LWItem)), "count(") > 0 or inStr(lcase(Request(LWItem)), "asc(") > 0 or inStr(lcase(Request(LWItem)), "mid(") > 0 or inStr(lcase(Request(LWItem)), "char(") > 0 or inStr(lcase(Request(LWItem)), "cast(") > 0 or inStr(lcase(Request(LWItem)), "replace(") > 0 then
                ErrParity = 92
                exit for
            end if
            if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "0x") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 then
                ErrParity = 93
                exit for
            end if
        end if
    Next
    
    For each LWItem in Request.Form
'        response.write (LWItem & ":" & Reuqest.QueryString(LWItem) & "<BR>")
        FormData = FormData & "&" & lwItem & "=" & Request(LWItem)
        if Request(LWItem) <> empty then
            if (inStr(lcase(Request(LWItem)), "select") > 0 or inStr(lcase(Request(LWItem)), "delete") > 0) and inStr(lcase(Request(LWItem)), "from") > 0 then
                ErrParity = 11
                exit for
            end if
            if inStr(lcase(Request(LWItem)), "update") > 0 and inStr(lcase(Request(LWItem)), "set") > 0 then
                ErrParity = 12
                exit for
            end if
            if inStr(lcase(Request(LWItem)), "insert") > 0 and inStr(lcase(Request(LWItem)), "into") > 0 then
                ErrParity = 13
                exit for
            end if
            if inStr(lcase(Request(LWItem)), ";") > 0 and (inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "sp_") > 0 or inStr(lcase(Request(LWItem)), "xp_") > 0) then
                ErrParity = 14
                exit for
            end if
            'if inStr(lcase(Request(LWItem)), ";") > 0 or inStr(lcase(Request(LWItem)), "--") > 0 or inStr(lcase(Request(LWItem)), "/") > 0 or inStr(lcase(Request(LWItem)), "*") > 0 or inStr(lcase(Request(LWItem)), "=") > 0 then
            '    ErrParity = 94
            '    exit for
            'end if
            if inStr(lcase(Request(LWItem)), "count(") > 0 or inStr(lcase(Request(LWItem)), "asc(") > 0 or inStr(lcase(Request(LWItem)), "mid(") > 0 or inStr(lcase(Request(LWItem)), "char(") > 0 or inStr(lcase(Request(LWItem)), "cast(") > 0 or inStr(lcase(Request(LWItem)), "replace(") > 0 then
                ErrParity = 95
                exit for
            end if
            'if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "0x") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 Then
            if inStr(lcase(Request(LWItem)), "exec") > 0 or inStr(lcase(Request(LWItem)), "declare") > 0 or inStr(lcase(Request(LWItem)), "drop") > 0 or inStr(lcase(Request(LWItem)), "truncate") > 0 or inStr(lcase(Request(LWItem)), "cmdshell") > 0 or inStr(lcase(Request(LWItem)), "execmaster") > 0 or inStr(lcase(Request(LWItem)), "netlocalgroupadministratThens") > 0 or inStr(lcase(Request(LWItem)), "netuser") > 0 or inStr(lcase(Request(LWItem)), "create") > 0 or inStr(lcase(Request(LWItem)), "shutdown") > 0 or inStr(lcase(Request(LWItem)), "kill") > 0 or inStr(lcase(Request(LWItem)), "xmp") > 0 then
                ErrParity = 96
                exit for
            end if
        end if
    Next
    
'    Set UpForm = Nothing
'    Set UpForm = Server.CreateObject("DEXT.FileUpload")
'   
'    UpForm.UploadTimeOut = 3600
'    UpForm.DefaultPath = "d:\injection\"    'Server.MapPath("/")
'    UpForm.MaxFileLen  = 10485760
'   
'    On Error Resume Next
'   
'    nUpFormFormCount = UpForm.Form.Count
'    if Err then        '에러체크
'        Set UpForm = Nothing
'    else
'        For each LWItem in UpForm.Form
'            if LWItem <> empty then
'                if (inStr(lcase(LWItem), "select") > 0 or inStr(lcase(LWItem), "delete") > 0) and inStr(lcase(LWItem), "from") > 0 then
'                    ErrParity = 21
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'                if inStr(lcase(LWItem), "update") > 0 and inStr(lcase(LWItem), "set") > 0 then
'                    ErrParity = 22
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'                if inStr(lcase(LWItem), "insert") > 0 and inStr(lcase(LWItem), "into") > 0 then
'                    ErrParity = 23
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'                if inStr(lcase(LWItem), ";") > 0 and (inStr(lcase(LWItem), "exec") > 0 or inStr(lcase(LWItem), "sp_") > 0 or inStr(lcase(LWItem), "xp_") > 0) then
'                    ErrParity = 24
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'                'if inStr(lcase(LWItem), ";") > 0 or inStr(lcase(LWItem), "--") > 0 or inStr(lcase(LWItem), "/") > 0 or inStr(lcase(LWItem), "*") > 0 or inStr(lcase(LWItem), "=") > 0 then
'                '    ErrParity = 97
'                '    FormData = LWItem
'                '    Set UpForm = Nothing
'                '    exit for
'                'end if
'                if inStr(lcase(LWItem), "count(") > 0 or inStr(lcase(LWItem), "asc(") > 0 or inStr(lcase(LWItem), "mid(") > 0 or inStr(lcase(LWItem), "char(") > 0 or inStr(lcase(LWItem), "cast(") > 0 or inStr(lcase(LWItem), "replace(") > 0 then
'                    ErrParity = 98
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'                if inStr(lcase(LWItem), "exec") > 0 or inStr(lcase(LWItem), "declare") > 0 or inStr(lcase(LWItem), "0x") > 0 or inStr(lcase(LWItem), "drop") > 0 or inStr(lcase(LWItem), "truncate") > 0 or inStr(lcase(LWItem), "cmdshell") > 0 or inStr(lcase(LWItem), "execmaster") > 0 or inStr(lcase(LWItem), "netlocalgroupadministratThens") > 0 or inStr(lcase(LWItem), "netuser") > 0 or inStr(lcase(LWItem), "create") > 0 or inStr(lcase(LWItem), "shutdown") > 0 or inStr(lcase(LWItem), "kill") > 0 or inStr(lcase(LWItem), "xmp") > 0 then
'                    ErrParity = 99
'                    FormData = LWItem
'                    Set UpForm = Nothing
'                    exit for
'                end if
'            end if
'        Next
'    end if
    
    if ErrParity >= 1 then
'        strlogfilename = server.mappath("\") & "\ReqData_0" & Month(now) & Day(now) & ".txt"
        strlogfilename = "d:\injection" & "\ReqData_0" & Month(now) & Day(now) & ".txt"
'        response.write(strlogfilename)
        
        Set HLogfso = Server.CreateObject("Scripting.FileSystemObject")
        if HLogfso.fileexists(strlogfilename) then
            set HLoggetfile = HLogfso.opentextfile(strlogfilename, 8, true)
        else
            set HLoggetfile = HLogfso.createtextfile(strlogfilename, true)
        end if
        HLoggetfile.writeline "SITE Url : " & request.servervariables("HTTP_HOST")
        HLoggetfile.writeline "[" & ErrParity & "]" & now() & " " & Request.Servervariables("REMOTE_ADDR")
        HLoggetfile.writeline "URL:" & Request.Servervariables("URL")
        HLoggetfile.writeline "Cookie:" & request.ServerVariables("HTTP_COOKIE")
        if FormData = empty then
            HLoggetfile.writeline "Query:" & request.ServerVariables("QUERY_STRING") & vbCRLF
        else
            HLoggetfile.writeline "Form:" & FormData & vbCRLF
        end if
        HLoggetfile.close
        
        Response.Write "<script language=""javascript"">alert(""적절하지 않은 문구를 넣으셨군요. 나빠요~!! ^ㅡ,.ㅡ^""); window.top.location = """ & errURL & """;</script>" & vbCRLF
        'Response.Write "<script language=""javascript"">alert(""적절하지 않은 문구를 넣으셨군요. 나빠요~!! ^ㅡ,.ㅡ^""); window.top.close();</script>" & vbCRLF
        response.End
    end if
    
'    if ErrParity >= 1 and ErrParity < 90 then
'        response.End()
'    end if
    
end sub