ctfshow web is realized by the idea of one question
ctfshow sprouting new plan
According to several solution ideas of web1, I realized the pass and kill of the following questions. When I think about it carefully, I feel that these questions are good for novices like me
Title 1: web1 code is very secure and has no loopholes
Open the topic. Obviously, this topic examines code audit. We paste ...
Posted by leeharvey09 on Mon, 21 Feb 2022 04:01:29 +0100
JWT asymmetric encryption public-private key encryption and decryption can set the expiration time [JwtHelper of Spring security framework] [Jwts of jsonwebtoken.JJWT]
Introduction
Recently, I want to develop a coder management platform. For the technical selection of the login module, I chose JWT. JWT can ensure that the login information placed on the client is not tampered with. To be more secure, I use RSA asymmetric encryption. That is, the private key is used to generate the JWT, and the public key is use ...
Posted by climbjm on Sun, 20 Feb 2022 07:55:20 +0100
Attack and defense world practice area Misc
1.this is flag
Idea: the title description is flag
2.pdf
Attachment: link: https://pan.baidu.com/s/1nyajq1Bjql-scT2FxicOGg Extraction code: 5zzi
Idea: open the attachment and find a pdf file with a picture
In the title description, "there is nothing below the picture", it is speculated that it is multi-layer or picture occ ...
Posted by gc40 on Thu, 17 Feb 2022 07:42:47 +0100
ekucms2.5 local file inclusion vulnerability - code audit
1, Foreword
In order to learn how the ThinkPHP framework works and to strengthen our own code audit ability, we looked on the Internet for an article about a vulnerability in a CMS written in PHP, for reproduction and reverse code audit. Vulnerability reference articles are as foll ...
Posted by backie on Wed, 16 Feb 2022 17:44:52 +0100
[Vulnerability reproduction] Tomcat CVE-2017-12615 (arbitrary file upload vulnerability)
preface
This article is only for security research and skill learning. It should not be used for unauthorized penetration attacks. Any consequences have nothing to do with the author of this article.
1, Vulnerability description
However, the vulnerable Tomcat runs on the Windows/Linux host, and the HTTP PUT request method is enabl ...
Posted by drdapoo on Wed, 16 Feb 2022 08:29:08 +0100
3-6 SQL injection website instance step 5: break through the background and obtain the permission of web administrator
When we get the upper point and fully test the upper point, the goal of the test is to get the confirmed information. It can display the database information we want, all table information, all field information, and even the permission of the background manager. In this article, we will solve this problem
Use the upper point to explode the li ...
Posted by dokueki@gmail.com on Tue, 15 Feb 2022 07:26:43 +0100
How can concurrent locks protect multiple resources
Concurrent locks protect multiple resources
For mutexes, the relationship between protected resources and locks is generally many to one, so how to use a mutex to protect multiple resources?
First, you need to distinguish whether there is an association between multiple resources.
There is no association between multiple resources
There is ...
Posted by davieboy on Sun, 13 Feb 2022 14:39:51 +0100
012springboot Shiro (security framework)
catalogue
Shiro core three objects
Quickstart core:
First Shiro program
hello-shrio
1.pom.xml
2. Write Shiro configuration
log4j.properties
shiro.ini
3,Quickstart
Core:
Shiro integrated in SpringBoot
Environment construction
1.pom.xml
2.index.html
3.MyController
4.ShiroConfig realm object needs to be custom ...
Posted by devxtech on Sat, 12 Feb 2022 17:55:38 +0100
day03.2-addressing mode
1, Why addressing
We know that data is stored in memory. The CPU needs to use the data stored in memory. To use a piece of data, we first need to find it in memory. We find it by its memory number, that is, its address: the address locates the data in memory so that it can be taken out for use or put back to the specified location. The above is an addr ...
Posted by evan12 on Sat, 12 Feb 2022 06:39:37 +0100
OpenSSL3.0 learning 18 provider - signature CSDN creation punch in
🌺 outline
# ...
Posted by Grunge on Sat, 12 Feb 2022 00:39:42 +0100