Command injection summary
Command injection is the execution of arbitrary commands on the host operating system through a vulnerable application. In this attack, the operating system commands supplied by the attacker are usually executed with the privileges of the vulnerable application. Command injection attacks are likely to be mainly due to in ...
Posted by xenooreo on Wed, 15 Dec 2021 07:33:32 +0100
Log4j2 Vulnerability Replication
Preface
Log4j2's remote execution vulnerability has recently become so hot that I've been using logback to save lives and lie in bed to watch the show this weekend. We don't need to, but we still need to know.
Reproduction
Control server
■ RMIServer
RMIServer starts an RMI service, which starts two ports, a registry setting, and a ra ...
Posted by JamesThePanda on Tue, 14 Dec 2021 18:49:19 +0100
An article to understand Linux users and user groups
Introduction
Linux is a multi-user system that assigns corresponding permissions to each user in order to manage files better. For example, a class of files can be assigned to a user, so that only specific users are allowed to carry out sensitive operations on those files, so as to prevent other files from being affected and the system from running ...
Posted by jandante@telenet.be on Sun, 12 Dec 2021 21:04:59 +0100
Zuul service gateway
Summary of prerequisite knowledge points (not part of the text)
1, What is a gateway?
API Gateway (APIGW / API Gateway), as its name implies, is an API-oriented, serial and centralized strong control service that appears on the system boundary. The boundary here is the boundary of the enterpris ...
Posted by www.phphub.com on Sat, 11 Dec 2021 14:26:42 +0100
[vulnerability] log4j2 remote code execution and actual code reproduction
Vulnerability principle
1. The attacker forges a request body containing a JNDI executable service. Here I mainly try LDAP and RMI. The request URL is as follows:
LDAP: ${jndi:ldap://127.0.0.1:1389/hello}
RMI: ${jndi:ldap://127.0.0.1:1389/hello}
2. When the application happens to output the request header or input parameter log, it will ...
Posted by dominod on Sat, 11 Dec 2021 10:13:56 +0100
DVWA level 8: SQL Injection (Blind)
catalogue
Low
Medium
High
Impossible
SQL Injection (Blind), that is, blind SQL injection, differs from ordinary injection in that with ordinary injection the attacker can directly see the execution result of the injected statement on the page, while with blind injection the attacker usually cannot obtain the execution result from the ...
Posted by dmcke5 on Wed, 08 Dec 2021 21:11:46 +0100
ByteDance Security AI Challenge - Summary of the small-sample track solution
1 Description of the competition task
In real social networks, cheating users affect the social network platform. In a real scenario there are many constraints: we can only obtain a small number of cheating samples and a portion of normal user samples. Now we need to use a small number of labeled samples to mine the remaining cheating s ...
Posted by NikkiLoveGod on Wed, 08 Dec 2021 02:44:27 +0100
A note on basic SQL injection combined with second-order injection and error-based injection
Preface:
The article was first published at https://sleepymonster.cn
This is a question for the finals of the 2021 Jinan University freshman competition.
At that time, I was gambling. If I did it, I would win the second prize
Unfortunately, the network is not powerful enough to suck out second times without changing the script.
But I'v ...
Posted by Craig_H on Tue, 07 Dec 2021 23:52:20 +0100
DVWA Level 6: Insecure CAPTCHA (Insecure Authentication Code)
Catalog
Low
Medium
High
Impossible
Insecure CAPTCHA means an insecure verification code. CAPTCHA is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart, a Turing test that automatically distinguishes computers from humans. However, I think it would be better to call the content of this module an unsafe verif ...
Posted by coollog on Tue, 07 Dec 2021 19:15:47 +0100
Ganwangbei 2021 CTF---Misc&WebWriteup
preface
How to evaluate the 2021 dai Lian cup? My evaluation is "immortals fight, mortals suffer".
Misc
Misc1-decodemaster
After getting the challenge, open the Word file and find that it is a string of random characters in the Wingdings 2 font. Modify the font and find that the text can be displayed normally when it is in bold ( ...
Posted by 9902468 on Tue, 07 Dec 2021 10:46:33 +0100