Design of Web security module based on Token
Preface
Recently, I was working on a Web project. At first, I used Spring Boot + Spring Security, and then found that Spring Security was too bloated (maybe I haven't used it yet). Just now, a WeChat official account tweeted me into the Token authentication mode. After understanding it, I thought it was very useful, so I began to change it ...
Posted by Phoenixheart on Sun, 16 Jan 2022 17:35:02 +0100
The strongest hacker library Blackbone tutorial
Environment construction
Project address
https://github.com/DarthTon/Blackbone
Project introduction
Windows developers often need to enumerate processes, enumerate modules, and read and write process memory; Windows security developers also deal with injection, hooking, manipulating PE files and writing drivers. We ...
Posted by cac_azure03 on Fri, 14 Jan 2022 13:13:11 +0100
Burp Suite 2021 series: environment configuration and crack installation
Preface
The video version of this article is available on Bilibili: https://www.bilibili.com/video/BV1aq4y1X7oE?p=2
Burp Suite is an integrated penetration testing tool, which integrates a variety of penetration testing components, enabling us to better complete penetration testing and attacks on web applications automatically or manually. I ...
Posted by SueHubert on Fri, 14 Jan 2022 03:20:25 +0100
DDoS attack methods
Most of the content of this article draws on the book "King of Destruction: In-depth Analysis of DDoS Attack and Prevention". Interested students can read this book, which is very helpful to me as an introductory book.
DDoS (Distributed Denial of Service): the first denial of service attack dates back to 1996. Why ...
Posted by seanrock on Thu, 13 Jan 2022 16:14:28 +0100
Design of multifunctional Web security penetration testing tool based on Python Django
Project introduction
System introduction
This project, named sec tools, is a multi-functional Web application penetration test system based on Python Django, including vulnerability detection, directory identification, port scanning, fingerprint identification, domain name detection, side station detection, information leakage detection and o ...
Posted by Keith Scott on Wed, 12 Jan 2022 04:29:55 +0100
Web security: file inclusion vulnerability
File inclusion vulnerability
Vulnerability description
When the server includes arbitrary files through PHP features (functions) and the source of the file to be included is not strictly filtered, it can include a malicious file, and the included file can be used to construct malicious code for an attack.
Causes of vulnerabilities
...
Posted by Jackomo0815 on Tue, 11 Jan 2022 10:58:10 +0100
Nuclei -- a fast vulnerability scanning tool based on YAML syntax templates
1, Tool introduction
1. Introduction
Nuclei is a customizable fast vulnerability scanner based on YAML syntax templates. It is written in Go and is highly configurable, extensible and easy to use.
At present, the project has 6.6k stars on GitHub.
Official website: https://nuclei.projectdiscovery.io
Nuclei project addres ...
Posted by leeperryar on Sun, 09 Jan 2022 10:31:51 +0100
Xiaodi security Web security PHP development - day 14 - personal blog project & input / output class & message board & access IP&UA header
1, Input / output class
(1) PHP realizes search and query function
1. After obtaining the data input by users, the website connects to the database to retrieve the information input by users, and then returns the search results to users, so as to realize the function of search and query.
2. Code example
(1) index home page, search box
<!DOC ...
Posted by Joshua4550 on Thu, 06 Jan 2022 01:36:44 +0100
Xiaodi security Web security day 16 - PHP development - personal blog project & JS Ajax & front end logic & Shopping & login & upload
1, ajax to achieve a simple file upload
(1) Code example
<html>
<head>
<meta charset="utf-8">
<title>ajax</title>
</head>
<body>
<form class="upload" method="post" enctype="multipart/form-data" action="">
<input class="uploadfile" type="file" name="upload" onchange="checkFileExt(th ...
Posted by pbarney on Wed, 05 Jan 2022 23:14:59 +0100
SQL injection vulnerability shooting range - sqli labs learning
less-1
Judge injection point
Following the prompt, add ?id=1 to the URL. Note that all the symbols entered here are in English.
Of course, 2 works as well. It just passes a parameter and outputs a login result.
Now that we know what the successful login page looks like, we should try to guess how this piece of code closes the parameter (here are "' ...
Posted by Online Connect on Tue, 04 Jan 2022 02:25:33 +0100