Java SQL Inject/XSS/SSRF

Java SQL Inject JDBC SQL Inject If the JDBC native query is not precompiled but directly spliced with SQL statements, then the filtering is not strict, which will cause SQL injection problems. For example, the following code is a Demo with SQL injection vulnerabilities Class.forName("com.mysql.cj.jdbc.Driver"); Connection conn = DriverManage ...

Posted by sufian on Thu, 27 Jan 2022 02:38:09 +0100

Ten thousand word summary of XSS's strongest knowledge system vulnerabilities

I XSSI vulnerability principle Homology strategy Homology policy is the most basic and core policy in Web application security model. Now all browsers that support JavaScript will use this strategy. The so-called homology means that the domain name, protocol and port are the same. The same origin policy stipulates that client scripts (ja ...

Posted by 2gd-2be-2rue on Mon, 17 Jan 2022 16:37:30 +0100

Baidu ueeditor vulnerability record

0x00 Preface Sort out the loopholes circulating about ueeditor. "Full demo" Recently, UEditor is often encountered when mining SRC in the education industry. As shown in the figure below, it is a website using the PHP version of ueeditor (. pdf file is provided by the website with online preview): The access path for browsing files i ...

Posted by 3r0ss on Sat, 15 Jan 2022 20:00:19 +0100

Simple WAF summary of XSS

https://www.cnblogs.com/wjrblogs/p/12341190.html 1, General test methods# Steps: 0. General: insert as soon as you see the box 1. Input some simple characters in the input box, such as aaa, to facilitate the subsequent search for the output position 2. Press F12 to open the developer mode, and press ctrl+F to search aaa 3. In most cases, it i ...

Posted by zysac on Mon, 03 Jan 2022 09:10:04 +0100

Basic logic of XSS test bypass

The previous section talked about the closure of XSS, and some articles will confuse the closure with bypass. In my opinion, closing is the basis for meeting the basic syntax requirements of the browser for script execution; Bypassing is a breakthrough means used when the program is equipped with imperfect security measures. So how should this ...

Posted by FourthChapter on Fri, 31 Dec 2021 16:21:58 +0100

Summary of common web security problems (share common 12 attack types and defense measures)

Article catalog1. Understand the harm of web attacks.2. Share three common attacks and corresponding defense methods1. Harm of Web attack.What are the hazards of web attacks?A minor attack may steal users' information from your website. Serious web attacks can delete the database, paralyze the website and so on.2. Types of sharing attacks: sql ...

Posted by andycole on Sun, 21 Nov 2021 22:05:35 +0100

The third pass of red sun range

The third pass of red sun range 1, Environment configuration Open the virtual machine image to the suspended state and take a snapshot at the first time. Some services are not self started and cannot run automatically after restart. Suspended status, account has been logged in by default, centos In order to get out of the network machine and ...

Posted by phuggett on Thu, 18 Nov 2021 17:17:03 +0100