"Java security" deserialization - CC2 deserialization vulnerability POP chain analysis: ysoserial CommonsCollections2 PoC analysis
Preface
Java 8u111 is used for the reproduction.
According to the ysoserial prompt, CC 4.0 is required.
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<vers ...
Posted by danville on Thu, 10 Mar 2022 14:48:55 +0100
Operating system experiment -- process scheduling
Implementation of process scheduling algorithm Summary: The process scheduling algorithm is realized, including FCFS (first in first out), SPF (short process priority), HRRF (highest response ratio priority method) and HPF (priority method). A process management simulation system that allows n processes to run concurrently is designed. The syst ...
Posted by kennethl on Mon, 07 Mar 2022 05:54:46 +0100
[JAVA deserialization beginner] DNSLOG deserialization chain analysis
1. Application of the DNSLOG chain 2. Debugging with IDEA and ysoserial 3. Analyzing the ysoserial payload
Application of the DNSLOG chain
The DNSLOG chain can only be used to confirm a deserialization entry point and to judge whether the target can make outbound network connections. Dnslog is used to judge the existence of deserialization vulnerability and whether th ...
Posted by snoopgreen on Sat, 05 Mar 2022 05:07:00 +0100
Security Learning of FPM and FTP
Preface
Here is a brief summary of some attacks on FPM and FastCGI.
Prerequisite knowledge
What is CGI?
Early Web servers could only respond to the request for HTTP static resources sent by the browser and return the static resources stored in the server to the browser. With the development of Web technology, dynamic technology gradually appea ...
Posted by ColinP on Sun, 27 Feb 2022 11:40:25 +0100
SQL injection bypass technology for web Security
This article explains SQL injection bypass techniques for web security in detail, so that their principles and application methods can be understood more deeply and put to better use in penetration testing. The contents of the article are all compiled by personal understand ...
Posted by newbiehacker on Sat, 26 Feb 2022 13:14:26 +0100
[CTFshow] File inclusion web78-web81
web78
if(isset($_GET['file'])){
    $file = $_GET['file'];
    include($file);
}else{
    highlight_file(__FILE__);
}
Note the include function in the source code. It means that a PHP file is imported from outside and executed. If the execution is unsuccessful, the source code of the file is returned. The GET parameter of the file ...
Posted by pineapple1 on Fri, 25 Feb 2022 15:16:21 +0100
DVWA learning notes
Security Level: LOW
Brute Force
Source code analysis:
<?php
if( isset( $_GET[ 'Login' ] ) ) {
// Get username
$user = $_GET[ 'username' ];
// Get password
$pass = $_GET[ 'password' ];
$pass = md5( $pass );
// Check the database
$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';"; ...
Posted by brucemalti on Fri, 25 Feb 2022 02:00:17 +0100
Arbitrary Code Execution Vulnerability
catalogue
1, What is an arbitrary code execution vulnerability
2, Harm of vulnerability
3, Arbitrary Code Execution Vulnerability
1. Exploit of eval() function
1.1 Exploit of eval() function, part one
1.2 Exploit of eval() function, part two
1.3 Exploit of eval() function, part three
1.4 preg_replace + /e exploitation
2.assert() function
3.preg_replace(); ...
Posted by wpsd2006 on Wed, 23 Feb 2022 13:13:44 +0100
SQL injection -- blind injection based on time
Purpose of this chapter
Introduce the application scenarios and conditions of time-delay blind injection, become familiar with functions such as length(), substr(), ascii(), sleep() and if(), and master the basic process of time-based blind injection.
PS: the interview questions and answers are delayed without deep questions
E ...
Posted by jokkis on Sun, 20 Feb 2022 14:50:47 +0100
hgame web week1 week2 wp ththaiai
web week1
Fujiwara Tofu Shop
See qiumingshan Net to try Referer directly
Hachi roku guessed
What raspberry cookie is a bit of a pit father
Cookies are cookies, but setting them directly is wrong. There is no key value. If you see a Set-Cookie in the response, just use that key; the same is true for gasoline. Finally, the payload is as follows:
Spider.. ...
Posted by tycragg on Sun, 20 Feb 2022 12:23:01 +0100