Programmer Group

java_ Command execution Runtime class analysis First look at the demo of a command execution, as follows import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; public class RuntimeTest { public static void main(String[] args) throws IOException { Runtime runtime = Runtime.getRuntime(); ...

1, Pre knowledge 1. Basic concepts A class definition starts with the keyword class, followed by the name of the class. The body of a class is contained in a pair of curly braces, which contain the definition of class properties and methods. Class attributes exist in the data segment and class methods exist in the code segment. For a class, cla ...

Vulnerability type SSTI RCE Utilization conditions Scope of influence application Vulnerability overview On September 30, 2021, Steven Seeley, a foreign security researcher, disclosed an SQL injection vulnerability and an RCE vulnerability caused by SSTI in the latest DedeCMS version. Because the utilization conditions of SQL injection vul ...

web29 The source code is: <?php /* # -*- coding: utf-8 -*- # @Author: h1xa # @Date: 2020-09-04 00:12:34 # @Last Modified by: h1xa # @Last Modified time: 2020-09-04 00:26:48 # @email: h1xa@ctfer.com # @link: https://ctfer.com */ error_reporting(0); if(isset($_GET['c'])){ $c = $_GET['c']; if(!preg_match("/flag/i", $c)){ ...

This article is reproduced in https://blog.csdn.net/qq_33942040/article/details/111831536 These three types of vulnerabilities may be greater The uglier the station, the more likely there is a hole. Asp aspx The possibility of vulnerabilities is greater There may be no verification code at the landing port 1, Unauthorized access There ...

0x00 Oracle Foundation Oracle basic usage What is an Oracle database? Oracle is currently one of the largest software providers in the world, alongside Microsoft and Adode. With the development of Oracle, it has become one of the largest software providers of enterprise office platform. Oracle database is the core product of Oracle (Chine ...

Introduction to Webshell What is a WebShell webshell is a command execution environment in the form of web page files such as asp, php, jsp or cgj, which can also be called a web page back door Because Web shell mostly appears in the form of dynamic script, it is also called the back door tool of the website Attackers can use webshell t ...

2021SC@SDUSC 1, Web part source code analysis 1. Brief description The most users contact the OSSIM platform is the Web UI. They can easily obtain various security analysis charts through the web. As ordinary operation and maintenance personnel or monitoring personnel, most operations are completed through the Web UI. The Web UI interface ...

Utilization point base64 + filter protocol bypasses death exit Source code <?php error_reporting(0); class A { protected $store; protected $key; protected $expire; public function __construct($store, $key = 'flysystem', $expire = null) { $this->key = $key; $this->store = $store; $this ...

Vulnerability profile php deserialization vulnerability, also known as php object injection vulnerability. In short, when php is deserialized, the content of the deserialization is under the control of the user, so the malicious user can construct the code of the specific serialized content, carry out the specific deserialization operation ...