File upload learning notes

title: file upload learning notes; date: 2021-5-22; tags: penetration test, file upload, basics; categories: Penetration test, File upload, Basics. File upload learning notes (notes from 2021/3/6). What is a one-sentence Trojan? The one-sentence Trojan "server side" (the locally stored script Trojan file) is the execution permission we want to u ...

Added by waygood on Tue, 08 Feb 2022 05:31:45 +0200

File upload bypass summary

To get more learning materials, join the community and study further: scan my QR code or add memory2000427; I teach in good faith and help you avoid detours. File upload bypass: there are two kinds, one based on code restrictions and the other based on a firewall. In practice the two are similar; both detect the legitima ...

Added by simon551 on Sun, 30 Jan 2022 01:45:28 +0200

Near source penetration test

Written up front. Blog home page: Scorpio_m7. Welcome to follow, like, collect and leave a message. This article is an original by Scorpio_m7, first published on CSDN! Start date: January 28, 2022. Persistence and hard work will surely bring poetry and distance! The author's level is very limited. If y ...

Added by walnoot on Sat, 29 Jan 2022 02:34:03 +0200

[HTB] Love(vhost blasting, SSRF, registry authorization)

Disclaimer: The host penetrated in this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and penetration ideas in this article for any illegal purpose. I will not bear any responsibility for the consequences, nor will I be responsible for an ...

Added by hemlata on Mon, 24 Jan 2022 18:59:28 +0200

fierce! Avoid killing any EXE

WeChat official account: Black Palm, a blogger who focuses on sharing network security, hot topics in the hacker community and hacker tool techniques! PE files. Brief description of PE files: the full name of PE is Portable Executable. Common EXE, DLL, OCX, SYS and COM files are PE files. A PE file is a program fil ...

Added by jane on Thu, 20 Jan 2022 23:03:16 +0200

Source code analysis of several niche web fingerprint identification tools

WeChat official account: Black Palm, a blogger who focuses on sharing network security, hot topics in the hacker community and hacker tool techniques! Brief introduction to Webfinger: this is a very small tool, written in Python 2, that uses Fofa's fingerprint library. GitHub address: https://github.com/se55i0n/Webfinger. Please refer to the official screensh ...

Added by avianrand on Wed, 19 Jan 2022 17:28:18 +0200

Some people say that SQL injection has been eliminated. Can you beat it???

Last time I wrote an article about SQL injection, someone said that SQL injection is outdated!!! Preface: this time, four interesting practical cases are used: Hard - a common getshell; Fast - fast error-based injection; Accurate - injection under a 100-character length limit; Around - bypassing a university's Safe Dog (WAF). Although there are only four ...

Added by lukemedway on Tue, 18 Jan 2022 00:14:13 +0200

Penetration range - DC1

DC1. Attacker IP: 192.168.1.164. Target IP: 192.168.1.163. Objective: obtain the 5 flags on the target. 1. For intranet penetration, first scan the entire network segment with nmap; the target machine is 192.168.1.163. 2. Continue with nmap to enumerate port information: ports 22, 80, 111 and 56771 are open. 3. Then access port 80. It's a website ...

Added by snk on Sat, 15 Jan 2022 22:40:47 +0200

A security vulnerability analysis

Vulnerability analysis. The environment is built with vulhub; the version is Confluence Server 6.10.2. Widget Connector is a plug-in for Confluence. Compare the plug-in before and after the fix (left: Confluence 6.13.0, right: 6.13.3) in widgetconnector-3.1.0.jar!\com\atlassian\confluence\extra\widgetconnector\WidgetMacro.class. You can see that th ...

Added by romeo on Sat, 15 Jan 2022 02:27:52 +0200

Information collection_ CDN bypass

Information collection: CDN bypass. What is a CDN, and why bypass it? The full name of CDN is content delivery network. Its purpose is to let users get the requested data more quickly. I found a picture on the Internet; take Tencent as an example. A user wants to visit Tencent's official website to top up Q coins (QB). First, the computer wants to know whi ...

Added by killerofet on Wed, 12 Jan 2022 21:40:10 +0200