[netding Cup 2018] Fakebook - SSRF / deserialization vulnerability / SQL injection
Solution I
Solution II
Solution III
Test site
• directory scanning
• SSRF
• SQL injection
• PHP deserialization
When we get the website, we first need to collect information about it to increase the chance of finding vulnerabilities, such as whois, fingerprint identification, scanning the directory of ...
Posted by IndianaRogers on Wed, 29 Sep 2021 15:46:51 -0700
PHP common array functions and examples
1, Some basic operation functions of array about key name and value
1. Get all keys or values of the array: array_keys() array_values()
$arr_keys = array_keys($array);
$arr_values = array_values($array);
2. Exchange the positions of keys and values in the array. If the previous one is repeated, it will be overwritten by the following one: array_f ...
Posted by Anim9or on Fri, 24 Sep 2021 00:56:15 -0700
PHP deserialization vulnerability & netding cup ctf instance
Vulnerability profile
PHP deserialization vulnerability, also known as PHP object injection vulnerability.
In short, when PHP deserializes data and the content being deserialized is under the control of the user, a malicious user can construct specific serialized content, carry out the specific deserialization operation ...
Posted by karimali831 on Tue, 21 Sep 2021 20:48:13 -0700
PHP7 enables opcache to create powerful performance
Bird brother said in his blog that the first of several tips to improve PHP 7 performance is to enable opcache:
Remember to enable Zend Opcache, because even if PHP7 does not enable Opcache, it is faster than PHP-5.6 with Opcache enabled. Therefore, during the previous testing period, it happened that someone had not enabled Opcache ...
Posted by bfranco on Mon, 20 Sep 2021 09:23:53 -0700
php process learning
1. What signals are in the Linux operating system
1. Brief introduction of signal
Signals are a mechanism for notifying a process when an event occurs, sometimes referred to as software interrupts. A process can send a signal to another process, such as SIGCHLD (signal 17) to the parent process at the end of a child process, to notify the pare ...
Posted by akumakeenta on Mon, 20 Sep 2021 01:23:46 -0700
API interface design
First of all, the interface cannot run naked, otherwise you will BOOM!!!
1, Then the interface generally faces three security problems
Is the requested identity legal ...
Posted by rivasivan on Sat, 18 Sep 2021 08:03:26 -0700
php visitor pattern implementation
summary
Visitor pattern: represents an operation that acts on elements in an object structure. It allows you to define new operations on elements without changing their classes.
This paper takes the motorcycle manufacturer as an example. Due to market competition and long-term development, we hope that the company can have the ability of moto ...
Posted by mmarif4u on Fri, 17 Sep 2021 19:09:52 -0700
Sqli labs customs clearance (less41~less50)
catalogue
Less41
Less42
Less43
Less44
Less45
Less46
Less47
Less48
Less49
Less50
Less41
This level is similar to Less40. First find the closure through Boolean blind injection, and then stack and inject recklessly.
Find closure:
http://192.168.101.16/sqli-labs-master/Less-41/?id=1 There are query results
http://192.168.10 ...
Posted by jaikar on Thu, 16 Sep 2021 13:44:57 -0700
Install php7.4, mysql5.7, mongodb and nginx environment under mac
First of all, a digression, the black apple of NUC is really fragrant!
The company installed a black apple for the NUC. After using it for a period of time, I felt that the landline at home was tasteless and decided to start a NUC. The integration software MxSrvs used in the company's development environment is also very easy to use. But I ...
Posted by khalidorama on Mon, 13 Sep 2021 21:44:49 -0700
JQuery Plugin ajaxFileUpload Asynchronous Upload File (PHP version)
AjaxFileUpload is a good plugin to find, so use it to upload files asynchronously. There are also many articles on the use of the ajaxFileUpload plugin on the Internet, but I find that there is no PHP version, so this time the server side of the process will be handled in PHP language.
1. Explain the grammar parameters of the ajaxFileUpload pl ...
Posted by elie on Mon, 13 Sep 2021 17:11:59 -0700