Java 8u111 is used for reproduction
According to ysoserial prompt, CC4 is required 0 version
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 -->
Posted by danville on Thu, 10 Mar 2022 14:48:55 +0100
Implementation of process scheduling algorithm Summary: The process scheduling algorithm is realized, including FCFS (first in first out), SPF (short process priority), HRRF (highest response ratio priority method) and HPF (priority method). A process management simulation system that allows n processes to run concurrently is designed. The syst ...
Posted by kennethl on Mon, 07 Mar 2022 05:54:46 +0100
1. Application of the DNSLOG chain 2. Use IDEA and ysoserial for debugging 3. Analyze the ysoserial payload
Application of the DNSLOG chain
The DNSLOG chain can only be used to confirm a deserialization entry point and to judge whether the target can make outbound network connections. DNSLOG is used to judge the existence of a deserialization vulnerability and whether th ...
Posted by snoopgreen on Sat, 05 Mar 2022 05:07:00 +0100
Here is a brief summary of some attacks on FPM and FastCGI
What is CGI?
Early Web servers could only respond to the request for HTTP static resources sent by the browser and return the static resources stored in the server to the browser. With the development of Web technology, dynamic technology gradually appea ...
Posted by ColinP on Sun, 27 Feb 2022 11:40:25 +0100
This article explains SQL injection bypass techniques for web security in detail, so that the principles and application of these techniques can be understood more deeply and put to better use in penetration testing. The contents of the article are all compiled by personal understand ...
Posted by newbiehacker on Sat, 26 Feb 2022 13:14:26 +0100
$file = $_GET['file'];
See the include function in the source code. This means that the PHP file is imported from outside and executed. If the execution is unsuccessful, the source code of the file is returned. The GET parameter of the file ...
Posted by pineapple1 on Fri, 25 Feb 2022 15:16:21 +0100
1, What is an arbitrary code execution vulnerability
2, Harm of vulnerability
3, Arbitrary Code Execution Vulnerability
1. Exploit of eval() function
1.1 Exploit of eval() function: one
1.2 Exploit of eval() function: two
1.3 Exploit of eval() function: three
Posted by wpsd2006 on Wed, 23 Feb 2022 13:13:44 +0100
Purpose of this chapter
Introduce the application scenarios and conditions of time-delay blind injection, become familiar with functions such as length(), substr(), ascii(), sleep() and if(), and master the basic process of time-based blind injection.
PS: the interview questions and answers are delayed without deep questions
Posted by jokkis on Sun, 20 Feb 2022 14:50:47 +0100
Fujiwara Tofu Shop
See qiumingshan Net to try Referer directly
Hachi roku guessed
What raspberry cookie is a bit of a pit father
Cookies are cookies, but setting one directly is wrong because there is no key for the value. If you see a Set-Cookie in the response, just use that key. The same is true for gasoline. Finally, the payload is as follows:
Posted by tycragg on Sun, 20 Feb 2022 12:23:01 +0100