Programming language JavaSE (Fundamentals) -- exception mechanism

Programming language JavaSE (Fundamentals) -- exception mechanism Daily saying: the water drop penetrating the stone, its strength comes from accumulation over time preface: Referenced crazy Java basic video—— Crazy Java basic video    catalogue Exception architecture Differences and connections between exceptions 1 ...

Posted by br0ken on Thu, 25 Nov 2021 02:54:29 +0100

Third party authentication -outh2 principle and analysis

I read a lot of articles about outh2 application, and the introduction is rather obscure and difficult to understand. At the same time, there is no actual case description, Next, I will explain with a simple case of security+outh2 and explain why this implementation method is the best through the wechat authentication process. 1. Security im ...

Posted by $0.05$ on Tue, 23 Nov 2021 06:20:14 +0100

ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux

ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux ThinkPHP5.0.24Vulnerability code<?php namespace app\index\controller; class Index { public function test01(){ $code = $_POST['code']; unserialize(base64_decode($code)); } } payload/index.php/index/index/test01 POST code=TzoyNzoidGhpbmtccHJvY2Vzc1xwa ...

Posted by trevorturtle on Mon, 22 Nov 2021 06:40:53 +0100

Summary of common web security problems (share common 12 attack types and defense measures)

Article catalog1. Understand the harm of web attacks.2. Share three common attacks and corresponding defense methods1. Harm of Web attack.What are the hazards of web attacks?A minor attack may steal users' information from your website. Serious web attacks can delete the database, paralyze the website and so on.2. Types of sharing attacks: sql ...

Posted by andycole on Sun, 21 Nov 2021 22:05:35 +0100

The third pass of red sun range

The third pass of red sun range 1, Environment configuration Open the virtual machine image to the suspended state and take a snapshot at the first time. Some services are not self started and cannot run automatically after restart. Suspended status, account has been logged in by default, centos In order to get out of the network machine and ...

Posted by phuggett on Thu, 18 Nov 2021 17:17:03 +0100

[Web security] php://filter Shallow bottom layer analysis

Create a new PHP file: a.php <?php $a = "a.txt"; include("php://filter/resource=" . $a); Create a new file in the same directory: a.txt (the content is <? PHP phpinfo();? > base64 encoding) PD9waHAgcGhwaW5mbygpOz8+ Next breakpoint in the related function of the corresponding file: [data] Post key codes: php_stream * php_strea ...

Posted by homer.favenir on Tue, 02 Nov 2021 06:58:08 +0100

Firewall of security technology

1, Security technology and firewall 1.1 safety technology Intrusion detection systems: it is characterized by not blocking any network access, quantifying and locating from internal and external networks The threat situation is mainly to provide alarm and post supervision, and provide targeted guidance measures and safety decision-making ...

Posted by DMeerholz on Mon, 01 Nov 2021 14:28:27 +0100

Security integration JWT part 09

function Integrate JWT into the project, which is divided into two stages 1. Log in for authentication for the first time. If the authentication is successful, a token will be returned 2. Subsequent requests carry a token for authorization authentication, that is, they need to be re authenticated before each authorization 1 github: Sourc ...

Posted by flamtech on Thu, 28 Oct 2021 12:23:43 +0200

Penetration test prime:1

Range target: https://www.vulnhub.com/entry/prime-1,358/ After downloading the shooting range, you can see that the shooting range can be opened directly through vmware. The shooting range system is Ubuntu system. The startup screen is as follows: Here, VMnet selects nat mode, so the ip segment of the shooting range and kali's ip share ...

Posted by aztec on Wed, 27 Oct 2021 07:43:10 +0200

Some learning and Thinking on Web shell exemption -- Taking PHP as an example

preface When using webshell, killing free is something to consider. To put it bluntly, my webshell has to be usable! Therefore, this article does a webshell free learning, which is mainly a sentence of php 1, About webshell The so-called web shell is to send a file written by malicious code (i.e. shell) to the server. The client connects ...

Posted by sholtzrevtek on Sun, 24 Oct 2021 05:10:31 +0200