[netding Cup 2018] Fakebook - SSRF / deserialization vulnerability / SQL injection

Solution I, Solution II, Solution III. Test site: directory scanning, SSRF, SQL injection, PHP deserialization. When we get the website, we first need to collect information about it to increase the chance of discovering a vulnerability, such as whois, fingerprint identification, scanning the directory of ...

Posted by IndianaRogers on Wed, 29 Sep 2021 15:46:51 -0700

PHP common array functions and examples

1, Some basic operation functions of arrays for key names and values. 1. Get all keys or values of the array: array_keys() array_values() $arr_keys = array_keys($array); $arr_values = array_values($array); 2. Exchange the positions of keys and values in the array. If the previous one is repeated, it will be overwritten by the following one: array_f ...

Posted by Anim9or on Fri, 24 Sep 2021 00:56:15 -0700

PHP deserialization vulnerability & netding cup ctf instance

Vulnerability profile: a PHP deserialization vulnerability is also known as a PHP object injection vulnerability. In short, when PHP deserializes data, the content being deserialized is under the control of the user, so a malicious user can construct specific serialized content, carry out the specific deserialization operation ...

Posted by karimali831 on Tue, 21 Sep 2021 20:48:13 -0700

PHP7 enables opcache to create powerful performance

Bird brother said in his blog that the first of several tips to improve PHP 7 performance is to enable opcache: Remember to enable Zend Opcache, because even if PHP7 does not enable Opcache, it is faster than PHP-5.6 with Opcache enabled. Therefore, during the previous testing period, it happened that someone had not enabled Opcache ...

Posted by bfranco on Mon, 20 Sep 2021 09:23:53 -0700

php process learning

1. What signals are in the Linux operating system. 1. Brief introduction of signals: Signals are a mechanism for notifying a process when an event occurs, sometimes referred to as software interrupts. A process can send a signal to another process, such as SIGCHLD (signal 17) to the parent process at the end of a child process, to notify the pare ...

Posted by akumakeenta on Mon, 20 Sep 2021 01:23:46 -0700

API interface design

First of all, the interface cannot run naked, otherwise you will BOOM!!! 1, The interface generally faces three security problems: Is the requested identity legal ...

Posted by rivasivan on Sat, 18 Sep 2021 08:03:26 -0700

php visitor pattern implementation

Summary. Visitor pattern: represents an operation that acts on elements in an object structure. It allows you to define new operations on elements without changing their classes. This paper takes the motorcycle manufacturer as an example. Due to market competition and long-term development, we hope that the company can have the ability of moto ...

Posted by mmarif4u on Fri, 17 Sep 2021 19:09:52 -0700

Sqli labs customs clearance (less41~less50)

Contents: Less41 Less42 Less43 Less44 Less45 Less46 Less47 Less48 Less49 Less50. Less41: This level is similar to Less40. First find the closure through Boolean blind injection, and then stack and inject freely. Find closure: http://192.168.101.16/sqli-labs-master/Less-41/?id=1 (there are query results) http://192.168.10 ...

Posted by jaikar on Thu, 16 Sep 2021 13:44:57 -0700

Install php7.4, mysql5.7, mongodb and nginx environment under mac

First of all, a digression, the black apple of NUC is really fragrant! The company installed a black apple for the NUC. After using it for a period of time, I felt that the landline at home was tasteless and decided to start a NUC. The integration software MxSrvs used in the company's development environment is also very easy to use. But I ...

Posted by khalidorama on Mon, 13 Sep 2021 21:44:49 -0700

JQuery Plugin ajaxFileUpload Asynchronous Upload File (PHP version)

AjaxFileUpload is a good plugin to find, so use it to upload files asynchronously. There are also many articles on the use of the ajaxFileUpload plugin on the Internet, but I find that there is no PHP version, so this time the server side of the process will be handled in PHP language. 1. Explain the grammar parameters of the ajaxFileUpload pl ...

Posted by elie on Mon, 13 Sep 2021 17:11:59 -0700