Programmer Think

preface Recently, I was working on a Web project. At first, I used Spring boot + Spring security, and then found that Spring security was too bloated (maybe I haven't used it yet). Just now, a WeChat official account tweeted me into the Token authentication mode. After understanding it, I thought it was very useful, so I began to change it ...

Environment construction Project address https://github.com/DarthTon/Blackbone Project introduction As Windows developers, they often encounter operations of enumerating processes, enumerating modules, reading and writing process memory; Windows security developers will involve injection, hook, operating PE files and writing drivers. We ...

preface The video version of this article is available at station B: https://www.bilibili.com/video/BV1aq4y1X7oE?p=2 Burp Suite is an integrated penetration testing tool, which integrates a variety of penetration testing components, enabling us to better complete penetration testing and attacks on web applications automatically or manually. I ...

DDoS attack methods Most of the content of this paper draws lessons from the in-depth analysis of DDoS attack and prevention of the king of destruction. Interested students can read this book, which is very helpful to me as an introductory book. DDoS (Distributed Denial of Service), the first denial of service attack, dates back to 1996. Why ...

Project introduction System introduction This project, named sec tools, is a multi-functional Web application penetration test system based on Python Django, including vulnerability detection, directory identification, port scanning, fingerprint identification, domain name detection, side station detection, information leakage detection and o ...

File contains vulnerability Vulnerability description When the server contains arbitrary files through PHP features (functions), because the source of the file to be included is not filtered strictly, it can contain a malicious file, and we can use the included file to construct malicious code for attack. Causes of vulnerabilities ...

1, Tool introduction 1. Introduction Nucleus is a customized rapid vulnerability scanner based on YAML syntax template. It is developed with Go language and has strong configurability, scalability and ease of use. At present, the project has 6.6k stars on Github. Official website: https://nuclei.projectdiscovery.ioNucleoi project addres ...

1, Input / output class (1) PHP realizes search and query function 1. After obtaining the data input by users, the website connects to the database to retrieve the information input by users, and then returns the search results to users, so as to realize the function of search and query. 2. Code example (1) index home page, search box <!DOC ...

1, ajax to achieve a simple file upload (1) Code example <html> <head> <meta charset="utf-8"> <title>ajax</title> </head> <body> <form class="upload" method="post" enctype="multipart/form-data" action=""> <input class="uploadfile" type="file" name="upload" onchange="checkFileExt(th ...

less-1 Judge injection point Add in the url according to the prompt? id=1 - note that all the symbols entered here are in English Of course 2, it's OK. It's just to pass a parameter and output a login result After we know the successful landing page, we should now try his guess about the closing mode of a piece of code (here are "' ...