Struts vulnerability collection

Some Struts2 vulnerabilities are summarized. Although there are few vulnerabilities in this part, it is also a part of learning. The collection is not comprehensive and will be supplemented later. The vulnerability environment can be built using the online Vulfocus or deployed using Docker. S2-001 (CVE-2007-45 ...

Posted by TylerL on Mon, 24 Jan 2022 19:31:46 +0100

ThinkPHP6.0 deserialization vulnerability

Preface: While studying the master's article "ThinkPHP 6.0.x deserialization vulnerability recurrence", I found that the TP version I downloaded was the repaired version, so I changed the old chain to reach RCE. Before reading this article, let's take a look at the above-mentioned master's article. Repai ...

Posted by Vebut on Fri, 21 Jan 2022 20:32:40 +0100

SpringSecurity4 learning notes

Structure forming: 1. SpringSecurity; 2. Introductory cases. Create a new SpringBoot project and add Security and Web dependencies. Create a new login and home page in resources – static. Start the project and visit localhost:8080/login to see the login page that appears (this page is generated by Security by default). When the pr ...

Posted by dough boy on Fri, 21 Jan 2022 18:29:55 +0100

Yunxin classroom | how to realize audio and video security detection?

The pan-entertainment audio and video chat scene is full of uncontrollable risk factors, such as pornography, violent fear and political information. With increasingly strict national supervision, each platform needs to control its audio and video content, and it needs to invest a lot of manpower to process the audio and vid ...

Posted by deregular on Fri, 21 Jan 2022 14:40:18 +0100

Key review of computer network

Computer network. One. Computer Network Overview. Concept of computer network: (*) 1. Definition of computer network; 2. Composition of computer network; 3. Type of computer network. Computer network architecture: 1. Transmission mode; 2. Data exc ...

Posted by steven fullman on Thu, 20 Jan 2022 11:18:30 +0100

Collection of struts 2 vulnerability recurrence

1. Introduction to Struts 2: Struts 2 is a Web application framework based on the MVC design pattern. It is essentially equivalent to a servlet. In the MVC design pattern, Struts 2 acts as a controller to establish the data interaction between model and view. Struts 2 is the next generation product of Struts. It is a new Struts 2 framework based on the ...

Posted by djroki on Wed, 19 Jan 2022 12:15:08 +0100

Logical vulnerability (unauthorized access and payment vulnerability)

This column is the author's network security learning notes, which are shared and used as notes at the same time. Previous links: Construction of Wamp / DVWA / sqli Labs; Use of burpsuite tool to capture packets and Intruder brute force cracking; Use of directory scanning, request retransmission, vulnerability scanning and other tools; Website infor ...

Posted by davidmuir on Wed, 19 Jan 2022 02:40:13 +0100

Spring Security Series (12) - four authorization modes of Oauth2 open platform authorization service

Configuration: 1. Add WebSecurityConfigurerAdapter configuration. A password parser is added, a user is added in memory, and other configurations will be added later. @Configuration @EnableWebSecurity(debug = true) @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) public class MyWebSecurityConfigura ...

Posted by Haroskyline on Tue, 18 Jan 2022 02:12:57 +0100

File upload vulnerability - upload Labs

1. Introduction to file upload vulnerability: When files are uploaded, the server does not strictly filter the files uploaded by the client, which lets the attacker upload any type of file, including various script files (php, asp, aspx, jsp, etc.), and so control the server. During the attack, the uploaded ...

Posted by cl_stef on Mon, 17 Jan 2022 00:32:54 +0100

Design of Web security module based on Token

Preface: Recently, I was working on a Web project. At first, I used Spring boot + Spring security, and then found that Spring security was too bloated (maybe I haven't used it yet). Just now, a WeChat official account tweeted me into the Token authentication mode. After understanding it, I thought it was very useful, so I began to change it ...

Posted by Phoenixheart on Sun, 16 Jan 2022 17:35:02 +0100