Ten-thousand-word summary: the most complete XSS vulnerability knowledge system

I. XSSI vulnerability principle. Same-origin policy: the same-origin policy is the most basic and core policy in the Web application security model. All browsers that support JavaScript now use this policy. "Same origin" means that the domain name, protocol and port are all the same. The same-origin policy stipulates that client scripts (ja ...

Posted by 2gd-2be-2rue on Mon, 17 Jan 2022 16:37:30 +0100

WEB vulnerability - knowledge points

Preface: explains the types of vulnerabilities at the various WEB layers, the hazard level of specific vulnerabilities, and a brief impact-scope test with example analysis. The vulnerabilities in the mind map are also the various knowledge points we will learn. In fact, according to the formation principle of vulnerabilities, how to find and use them ...

Posted by joshuaceo on Fri, 14 Jan 2022 06:34:19 +0100

CTF pwn direction partial problem solution

dataleak: Two \x00 bytes can be skipped with "\" or "/", but each time "\" is used, 4 bytes are copied to buf, so the last 3 bytes of data cannot be leaked. Therefore, "/\" is used to control the leaked string with garbage-data padding. exp: #!python #coding:utf-8 from pwn import * import subprocess, sys, os from time import sleep sa = l ...

Posted by jasongr on Wed, 12 Jan 2022 12:09:40 +0100

Nuclei -- a fast vulnerability scanning tool based on YAML syntax templates

1. Tool introduction. 1. Introduction: Nuclei is a customizable rapid vulnerability scanner based on YAML syntax templates. It is developed in the Go language and has strong configurability, scalability and ease of use. At present, the project has 6.6k stars on GitHub. Official website: https://nuclei.projectdiscovery.io Nuclei project addres ...

Posted by leeperryar on Sun, 09 Jan 2022 10:31:51 +0100

Small ideas of session utilization

Small ideas of session utilization. Preface: when doing challenges, we often need to take the use of sessions into account. There are two common basic types: session file inclusion and session deserialization. We haven't summarized it in detail before, so let's write it up. Session file inclusion: php.ini session-related configuration session.upload_progr ...

Posted by bliljerk101 on Fri, 07 Jan 2022 13:45:14 +0100

2 - vulnerability analysis - Tomcat AJP protocol file inclusion vulnerability analysis [CVE-2020-1938]

Vulnerability description: Tomcat is a small-to-medium-sized Java EE server developed by the Apache organization. It implements Java EE specifications such as Servlet and JSP, and can provide web resource access services. Tomcat mainly provides two communication modes for accessing web resources: the HTTP protocol and the AJP protocol. The Tomcat server wil ...

Posted by genom on Mon, 03 Jan 2022 09:47:55 +0100

How to prevent SQL injection and parameter passing in MyBatis

Environment: MySQL is used. The database name is test and it contains one table, named users. The data in users is as follows. SQL injection under JDBC: there are two ways to execute SQL statements under JDBC, namely Statement and PreparedStatement, of which PreparedStatement is precompiled. Statement SQL statement: SELECT * FROM users W ...

Posted by dropfaith on Sun, 02 Jan 2022 23:24:57 +0100

(CVE-2021-45046) log4j2 DoS / RCE mode reproduction

On December 9, I saw an article on research ideas related to log4j2 DoS vulnerabilities. Unfortunately, I was busy and didn't have time to do it. I see that most log4j2 versions have been upgraded to 2.17 these days. I have squeezed out some time to reproduce it. Statement: for vulnerability understanding and learning and security reinforcement solu ...

Posted by kidd1270 on Fri, 24 Dec 2021 00:29:51 +0100

DVWA SQL Injection(blind) full level

SQL Injection (blind) 1. Low: manual injection method. The server will only return a result and will not display the searched value. This kind of SQL injection without echo is called SQL blind injection. This challenge only returns whether the user exists or not, that is, true or false. This kind of blind injection is called Boolean-based blind injection. The injection ...

Posted by acook on Thu, 23 Dec 2021 16:57:41 +0100

clamav + pyClamd Linux virus scanning

1. Background: Clam AntiVirus (ClamAV) is free and open-source anti-virus software. Software and virus database updates are released free of charge by the open-source community. At present, ClamAV mainly provides virus scanning and removal for Linux and Unix systems. pyClamd is a third-party Python module that allows Python to directly ...

Posted by friday_13 on Mon, 20 Dec 2021 09:03:42 +0100