Programmer Think

Java SQL Inject JDBC SQL Inject If the JDBC native query is not precompiled but directly spliced with SQL statements, then the filtering is not strict, which will cause SQL injection problems. For example, the following code is a Demo with SQL injection vulnerabilities Class.forName("com.mysql.cj.jdbc.Driver"); Connection conn = DriverManage ...

I XSSI vulnerability principle Homology strategy Homology policy is the most basic and core policy in Web application security model. Now all browsers that support JavaScript will use this strategy. The so-called homology means that the domain name, protocol and port are the same. The same origin policy stipulates that client scripts (ja ...

0x00 Preface Sort out the loopholes circulating about ueeditor. "Full demo" Recently, UEditor is often encountered when mining SRC in the education industry. As shown in the figure below, it is a website using the PHP version of ueeditor (. pdf file is provided by the website with online preview): The access path for browsing files i ...

https://www.cnblogs.com/wjrblogs/p/12341190.html 1, General test methods# Steps: 0. General: insert as soon as you see the box 1. Input some simple characters in the input box, such as aaa, to facilitate the subsequent search for the output position 2. Press F12 to open the developer mode, and press ctrl+F to search aaa 3. In most cases, it i ...

The previous section talked about the closure of XSS, and some articles will confuse the closure with bypass. In my opinion, closing is the basis for meeting the basic syntax requirements of the browser for script execution; Bypassing is a breakthrough means used when the program is equipped with imperfect security measures. So how should this ...

Article catalog1. Understand the harm of web attacks.2. Share three common attacks and corresponding defense methods1. Harm of Web attack.What are the hazards of web attacks?A minor attack may steal users' information from your website. Serious web attacks can delete the database, paralyze the website and so on.2. Types of sharing attacks: sql ...

The third pass of red sun range 1, Environment configuration Open the virtual machine image to the suspended state and take a snapshot at the first time. Some services are not self started and cannot run automatically after restart. Suspended status, account has been logged in by default, centos In order to get out of the network machine and ...