Java SQL Inject
JDBC SQL Inject
If a JDBC native query is not precompiled but built by directly splicing SQL strings together, and the input filtering is not strict, this leads to SQL injection. For example, the following code is a demo with a SQL injection vulnerability:
Connection conn = DriverManage ...
Posted by sufian on Thu, 27 Jan 2022 02:38:09 +0100
I. XSSI vulnerability principle
The same-origin policy is the most basic and core policy in the Web application security model.
So-called same origin means that the domain name, protocol and port are all the same.
The same-origin policy stipulates that client scripts (ja ...
Posted by 2gd-2be-2rue on Mon, 17 Jan 2022 16:37:30 +0100
A roundup of the vulnerabilities circulating about UEditor.
Recently, UEditor is often encountered when hunting SRC bugs in the education industry. As shown in the figure below, this is a website using the PHP version of UEditor (the website provides online preview of .pdf files):
The access path for browsing files i ...
Posted by 3r0ss on Sat, 15 Jan 2022 20:00:19 +0100
1. General test methods
Steps: 0. General rule: insert as soon as you see an input box. 1. Enter some simple characters in the input box, such as aaa, to make it easy to find the output position later. 2. Press F12 to open developer mode, then press Ctrl+F to search for aaa. 3. In most cases, it i ...
Posted by zysac on Mon, 03 Jan 2022 09:10:04 +0100
The previous section talked about closing in XSS, and some articles confuse closing with bypassing. In my opinion, closing is the basis for meeting the browser's basic syntax requirements for script execution; bypassing is a breakthrough technique used when the program is equipped with imperfect security measures. So how should this ...
Posted by FourthChapter on Fri, 31 Dec 2021 16:21:58 +0100
Article catalog: 1. Understand the harm of web attacks. 2. Share three common attacks and the corresponding defense methods. 1. Harm of web attacks. What are the hazards of web attacks? A minor attack may steal users' information from your website. A serious web attack can delete the database, paralyze the website, and so on. 2. Types of attacks shared: sql ...
Posted by andycole on Sun, 21 Nov 2021 22:05:35 +0100
Red Sun range, part 3
1. Environment configuration
Open the virtual machine image in its suspended state and take a snapshot immediately. Some services do not start on their own and cannot run automatically after a restart.
In the suspended state, the account is already logged in by default; on the centos machine, in order to reach the external network, the machine and ...
Posted by phuggett on Thu, 18 Nov 2021 17:17:03 +0100