[attack and defense world CTF | WP] ics-07

Subject thinking. View interface: Open the title and we can see a website that can be operated only through the project management interface. The project management interface is as follows. We see a source code link. The source code of the link is as follows: <?php session_start(); if (!isset($_GET[page])) { show_sour ...

Posted by pauleth on Tue, 01 Feb 2022 17:34:58 +0100

Notes on "Introduction to machine learning in Web security": Chapter 7 7.3 naive Bayesian detection WebShell

1. Source code modification (1) Error reporting UnicodeDecodeError: 'gbk' codec can't decode byte 0x9a in position 8: illegal multibyte sequence   Load ../data/PHP-WEBSHELL/xiaoma/1148d726e3bdec6db65db30c08a75f80.php Traceback (most recent call last): ...... t=load_file(file_path) for line in f: UnicodeDecodeError: 'gbk' codec can't deco ...

Posted by Fritz on Mon, 31 Jan 2022 08:39:01 +0100

HTB range series Windows target and Arctic target

The 30-second response speed set by this target is really desperate. Seriously, you can play with your mobile phone for half a day every time you do an action. Prospecting nmap: nmap -sS -p 1-65535 10.10.10.11 Starting Nmap 7.91 ( https://nmap.org ) at 2022-01-03 15:31 CST Nmap scan report for 10.10.10.11 Host is up (0.28s latency). Not s ...

Posted by pgrevents on Sun, 30 Jan 2022 06:10:34 +0100

Same journey SRC Patrol - intranet vulnerability emergency cruise scanning system

Analysis of patrol source code -- detailed understanding and use Patrol is a quick emergency and cruise scanning system for vulnerabilities in the enterprise intranet. View the internal network asset distribution, specify the vulnerability plug-in, quickly detect the vulnerability of the search results, and output the result report Portal ...

Posted by JeanieTallis on Sat, 29 Jan 2022 11:58:38 +0100

[SUCTF 2019]EasyWeb --- no parameter RCE

[SUCTF 2019]EasyWeb Test site: No alphanumeric shell; Use htaccess upload file; Bypass open_basedir. Source code audit: <?php function get_the_flag(){ // web admin will remove your upload file every 20 min!!!! $userdir = "upload/tmp_".md5($_SERVER['REMOTE_ADDR']); //Naming format (upload/tmp_md5(ip)) if(!file_exists($userdir)){ ...

Posted by chintupintu03 on Sat, 29 Jan 2022 01:15:05 +0100

HTB range series Windows target Silo target

This machine involves oracle database and has never been involved before. I also take this opportunity to get familiar with the operation method of this database; As well as the knowledge about memory forensics, I just learned the forensics master in the Meiya Cup last time, so I also took this opportunity to learn the relevant knowledge of for ...

Posted by rdoylelmt on Thu, 27 Jan 2022 20:21:25 +0100

Struts vulnerability collection

Struts vulnerability collection. Some Struts2 vulnerabilities are summarized. Although there are few vulnerabilities in this part, it is also a part of learning. The collection is not comprehensive, and will be supplemented later. The vulnerability environment can be built using the online vulfocus or deployed using docker. S2-001 (CVE-2007-45 ...

Posted by TylerL on Mon, 24 Jan 2022 19:31:46 +0100

ThinkPHP6.0 deserialization vulnerability

ThinkPHP6.0 deserialization vulnerability. Preface: In learning the master's article "Recurrence of deserialization vulnerability in thinkphp6.0.X", I found that the TP version I downloaded was the repaired version. So change the old chain to reach RCE. Before reading this article, let's take a look at the above-mentioned master's article. Repai ...

Posted by Vebut on Fri, 21 Jan 2022 20:32:40 +0100

[JavaWeb] deserialization analysis -- CommonCollections1

Deserialization analysis (II) -- CommonCollections1. Chain analysis: First, create a TransformedMap, in which the second and third parameters are controllable, which will be used later. When TransformedMap executes the put method, it will execute the transformKey and transformValue methods respectively. It can be seen that in both methods, there ...

Posted by wvwisokee on Thu, 20 Jan 2022 09:13:46 +0100

File upload vulnerability - upload Labs

File upload - upload Labs 1. Introduction to file upload vulnerability When uploading files, the server does not strictly filter the files uploaded by the client, causing the attacker to upload any type of files, including various script files (php,asp,aspx,jsp, etc.), causing the attacker to control the server. During the attack, the uploaded ...

Posted by cl_stef on Mon, 17 Jan 2022 00:32:54 +0100