Small ideas of session utilization
preface
When doing questions, we often take into account the use of session. There are two common basic types: session file inclusion and session deserialization. We haven't summarized it in detail before, so let's write it.
session file inclusion
php.ini
session related configuration
session.upload_progr ...
Posted by bliljerk101 on Fri, 07 Jan 2022 13:45:14 +0100
4W words + thousands of lines of code! Tomcat penetration test method summary, bring it to you!
catalogue
preface
install
Tomcat analysis
Main documents
Upload directory
Tomcat penetration
Tomcat arbitrary file write (CVE-2017-12615)
Tomcat remote code execution (CVE-2019-0232)
Tomcat weak password & background getshell vulnerability
Tomcat manager App brute force cracking
Tomcat AJP file inclusion vulnerability analysis (CV ...
Posted by live_ex3me on Mon, 03 Jan 2022 11:34:46 +0100
[quick start Nessus - beginner level]
What is Nessus?
This is a vulnerability scanning system based on C/S architecture
What is vulnerability scanning?
Vulnerability scanning is a technical means to find the vulnerabilities of the target system, and further use the discovered vulnerabilities to do something they have always wanted to do but couldn't do before, such as penetratio ...
Posted by voitek on Mon, 03 Jan 2022 03:08:52 +0100
How to prevent sql injection and parameter passing in mybatis
environment
mysql is used. The database name is test and contains 1. The table name is users. The data in users is as follows
SQL injection under JDBC
There are two ways to execute SQL statements under JDBC, namely Statement and PreparedStatement, of which PreparedStatement is precompiled
Statement
SQL statement
SELECT * FROM users W ...
Posted by dropfaith on Sun, 02 Jan 2022 23:24:57 +0100
Basic knowledge suitable for beginners - SSTI vulnerability learning
Introduction to SSTI
MVC
MVC is a framework pattern. Its full name is Model View Controller, that is, model - view - controller. Under the guidance of MVC, in the development, a method of separating business logic, data and interface display is used to organize the code, gather the business logic into one component, and get better development a ...
Posted by Jurik on Sun, 02 Jan 2022 15:02:35 +0100
[HTB] Tabby (tomcat, curl, user group authorization: lxd)
Disclaimers: The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor will I be responsible for any misuse or d ...
Posted by Joe on Sat, 01 Jan 2022 22:50:23 +0100
Metasploit+Beef integration attack - super detailed
preface
Beef is the most popular web framework attack platform in Europe and America. Kali integrates beef, and beef has many easy payloads. For example, through the simple vulnerability of XSS, beef can control the browser of the target host through a prepared javascript, get various information through the browser and scan intranet in ...
Posted by robshanks on Sat, 01 Jan 2022 17:58:48 +0100
[HTB] Irked (software backdoor, picture steganography, custom SUID command hijacking)
Disclaimers: The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Posted by divedj on Wed, 22 Dec 2021 23:08:24 +0100
Intranet attack and defense - privilege escalation - Linux
Linux privilege escalation in one article
preface
The original text comes from https://www.freebuf.com/articles/251884.html. I feel that many of them are machine translated, and there are some format problems, large and small. So I went to the Internet to find the original text, translated and typeset it again, and also referred to the translation of the origin ...
Posted by iblackedout on Tue, 21 Dec 2021 08:36:14 +0100
ATT&CK combat series - red team assessment WP
Environment construction
Target download address http://vulnstack.qiyuanxuetang.net/vuln/detail/5/
After downloading the virtual machine, configure the network environment according to the official instructions to start the test
Infiltration process
0x01 WEB information collection
Check the target WEB service and find that it is a de ...
Posted by mgilbert on Mon, 20 Dec 2021 16:42:31 +0100