DisclaimersThe host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Posted by simon622 on Sun, 28 Nov 2021 11:04:39 -0800
In this article, we will learn the URLDNS chain of ysoserial tool. Compared with the CC chain learned earlier, the URLDNS chain is relatively simple.
URLDNS is a utilization chain used by ysoserial tool to detect the existence of Java deserialization vulnerability. Through URLDNS utilization chain, you can initiate a DNS query request, so as ...
Posted by thefortrees on Tue, 23 Nov 2021 19:21:35 -0800
SQL injection concept
Basic concepts of database
Data refers to the symbols that record and identify objective events. It is the physical symbols or a combination of these physical symbols that record the nature, state and relationship of objective things. It is a recognizable and abstract symbol.
See for details Baidu ...
Posted by carleyvibe on Thu, 11 Nov 2021 00:10:37 -0800
Blind injection, as the name suggests, means that the return value can not be seen directly during injection, but we can judge it by other methods: next, I will introduce error echo, time blind injection and Boolean blind injection one by one.
Blind injection is divided into three categories:
reference resources: like 'ro%' # judge whe ...
Posted by noisenet on Sat, 06 Nov 2021 13:54:55 -0700
The path of painful penetration
The CTF was very sour this time. There were 7 WEB penetration topics, which was also the beginning of pain. Good audit, why add so many high thresholds.
Open the complete page, that is, log in to the registration page. Name, age, uplo ...
Posted by ntjang on Wed, 27 Oct 2021 23:06:31 -0700
Passive information collection using Recon ng
Full feature web information search framework, developed based on Python. Note: when reading this article, pay attention to reading the comments in the code at the same time.
1. Enter Recon ng environment
1.1 welcome interface
_/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ ...
Posted by deurwaarder on Fri, 08 Oct 2021 18:28:29 -0700
• directory scanning
• SQL injection
• PHP deserialization
When we get the website, we first need to collect information about the website to expand the probability of vulnerability discovery, such as whois, fingerprint identification, scanning the directory of ...
Posted by IndianaRogers on Wed, 29 Sep 2021 15:46:51 -0700
preface This blog post only talks about vulnerability utilization and batch mining. Before contacting src, I had the same question with many masters, that is, how did those masters dig holes in batches? After climbing for two months, I gradually have my own understanding and experience, so I intend to share it and communicate with all masters. ...
Posted by LaWr3nCe on Thu, 23 Sep 2021 05:58:29 -0700