CTF web learning record -- advanced SQL injection

Summary: This part covers advanced SQL injection and introduces more injection techniques. Time-based injection attack: the scenario for a time-based injection attack is likewise one where the server does not return the results of the query statement, which is similar to a boolean injection attack. Boolean injection guesses the d ...

Added by ma9ic on Wed, 09 Feb 2022 20:44:09 +0200

CVE-2020-1938 vulnerability reproduction (EXP code is attached at the end of the text)

CVE-2020-1938 Apache Tomcat file inclusion vulnerability reproduction 1. Environment setup 1.1 Vulhub target machine setup 1.1.1 Environment installation (1) Install docker $ curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun (2) Install docker compose $ pip install docker-compose #If there is no pip, ...

Added by purplenewt on Mon, 07 Feb 2022 12:54:23 +0200

Learning about the URLDNS chain

ysoserial: Before we talk about deserialization exploit chains, we can't skip one tool, ysoserial. Deserialization is not a new term in any language, but at AppSecCali in 2015 Gabriel Lawrence (@gebl) and Chris Frohoff (@frohoff) proposed using Apache Commons Collections to construct an exploit chain for command execution. At t ...

Added by squimmy on Sat, 05 Feb 2022 09:41:33 +0200

Redis unauthorized access vulnerability reproduction

1. Causes of the Redis unauthorized access vulnerability 1.1 Basic introduction to Redis: Redis is an open source (BSD licensed) in-memory data structure store, which can be used as a database, cache and message middleware. It supports many types of data structures, such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, ...

Added by Wardy7 on Wed, 02 Feb 2022 20:29:15 +0200

[Intranet learning notes] 8. Using powercat

1. Download and install powercat: powercat can be regarded as the PowerShell version of nc, so it can also connect with nc. powercat can be downloaded from GitHub. The project address is: https://github.com/besimorhino/powercat After downloading, the powercat PS1 file can be imported directly: Import-Module .\powercat.ps1 If the prompt fails to load th ...

Added by passagewds on Tue, 01 Feb 2022 16:28:03 +0200

[Preparing for autumn recruitment] Interview of Linux operation and maintenance electronics factory

1. Database data was damaged by a mistakenly executed DROP statement. Write down the recovery approach and the actual general steps. # All data recovery depends on backups. If there is no backup, the data cannot be recovered. For recovery after a misoperation, the incremental recovery method should be used. The specific steps ...

Added by beckjoh on Sun, 30 Jan 2022 16:27:23 +0200

File upload bypass summary

File upload bypass: There are two kinds: one is based on code restrictions and the other is based on a firewall. In fact, generally speaking, the two are similar. They both detect the legitima ...

Added by simon551 on Sun, 30 Jan 2022 01:45:28 +0200

Java Security Learning Notes -- a simple analysis of the source code of the HashMap class used in deserialization chains

Preface: The HashSet and Hashtable used by the CC6 and CC7 chains of ysoserial, the deserialization vulnerability exploitation tool, are hash-table-based data storage structures. When it comes to hash tables, the HashMap class is the most used hash table storage structure in Java. At the same time, the HashMap class is also the underlying implementation ...

Added by jek1134 on Tue, 25 Jan 2022 19:30:32 +0200

Theoretical basis of network based RSTP protocol

1. Introduction to RSTP: Although the STP protocol can solve the loop problem, the slow convergence of the network topology (convergence being the state in which the network can communicate) affects user communication quality, and if the topology in the network changes frequently, the network will also lose connectivit ...

Added by anoopd on Tue, 25 Jan 2022 14:19:11 +0200

Personalized recommendation without login? A detailed explanation of browser fingerprints

In daily life, biometric technology has become a standard feature of most smartphones. Most mobile phones have face recognition, fingerprint recognition and other functions. Fingerprint recognition technology is now very mature. But what we want to talk about today is not fingerprint identification in biometrics, but browse ...

Added by PHPFreaksMaster on Tue, 25 Jan 2022 08:23:54 +0200