HVV 0day: pan micro OA V8 SQL injection / V9 file upload (including batch PoC)
0x00 introduction to pan micro OA
Founded in 2001 and headquartered in Shanghai, Fanwei focuses on collaborative management OA software and is committed to helping enterprises build a new mobile office platform with collaborative OA at its core.
0x01 vulnerability description
A SQL injection vulnerability exists in Pan ...
Added by tukon on Tue, 08 Mar 2022 03:20:19 +0200
Mining Linux kernel vulnerabilities in web Security
1, Brief description
Syzkaller is a kernel fuzzing tool developed by Google. In short, it automatically feeds various valid, invalid and completely randomized parameter data to the kernel and observes the kernel's running state for panics, memory leaks and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
The growth path of penetration testing - front end security
Front end security
Technical term: explanation
payload: attack code
EXP: complete vulnerability exploitation tool
POC: proof-of-concept verification program. Running this program gets the expected results
GPC: GET, POST, COOKIE
1. Cross site scripting attack
Cross site scripting (XSS) refers to a client-side code injection attack in which an attacker executes ...
Added by mrwutang on Thu, 03 Mar 2022 16:52:24 +0200
7-PHP code audit -- vulnerability analysis of WordPress plug-ins
1. WordPress plug-in vulnerabilities
The security of WordPress itself is relatively good. Usually, most of the vulnerabilities found in a security audit come from the third-party plug-ins installed in WordPress. WordPress does not guarantee the security of these plug-ins, because the third-party plug-ins are written by other developers, and the secur ...
Added by littlejones on Sat, 19 Feb 2022 05:13:09 +0200
VulnHub target range - The Planets: Earth
THE PLANETS:EARTH
Preparation
Attacker: kali
Target: The Planets: Earth, NAT, 192.168.91.0 network segment
Download link
[https://www.vulnhub.com/entry/the-planets-earth,755/]
Information collection and utilization
Host discovery
https://github.com/czheisenberg/MyCode/blob/master/Scan/scapy/ping.py
As shown in the figure, use python s ...
Added by pureDesi on Sat, 12 Feb 2022 12:46:46 +0200
Redis unauthorized access vulnerability reproduction
1, Causes of Redis unauthorized vulnerability
1.1 basic introduction to redis
Redis is an open source (BSD licensed) in-memory data structure storage system, which can be used as a database, cache and message middleware. It supports many types of data structures, such as strings, hashes, lists, sets, sorted sets and range queries, bitmaps, ...
Added by Wardy7 on Wed, 02 Feb 2022 20:29:15 +0200
Some people say that SQL injection has been eliminated. Can you beat him???
Last time I wrote an article about SQL injection, someone said that SQL injection is outdated!!!
preface:
This time, four interesting practical cases are used:
Hard - common getshell
Fast - fast error injection
Quasi - injected under the limit of character length 100
Around - around a university safety dog
Although there are only four ...
Added by lukemedway on Tue, 18 Jan 2022 00:14:13 +0200
A security vulnerability analysis
Vulnerability analysis
The environment is built with vulhub. The version is
Confluence Server 6.10.2
Widget Connector is a plug-in of Confluence. Compare the plug-in before and after the fix
Left: Confluence 6.13.0; right: 6.13.3
widgetconnector-3.1.0.jar!\com\atlassian\confluence\extra\widgetconnector\WidgetMacro.class
You can see that th ...
Added by romeo on Sat, 15 Jan 2022 02:27:52 +0200
Learning combined attacks with clickjacking, Self-XSS and copy-and-paste hijacking - XSS hijacking
Clickjacking
The summary of this article is very clear and easy to understand (manual funny) https://blog.csdn.net/weixin_50464560/article/details/119562912
Self-XSS
For the sake of user experience, some websites have such a function, that is, when users fail to submit information and need to return to fill in, they will help you autom ...
Added by Danny620 on Sun, 02 Jan 2022 07:16:10 +0200
New upload-labs 1-19 walkthrough ideas
upload.test
Pass-01
Delete the check method return checkFile(). If the browser does not allow you to modify the front-end code, use the packet capture tool to modify it
Then upload a sentence
Pass-02
Back-end verification of Content-Type
Change the type to image/jpeg
Pass-03
php::
D
...
Added by karq on Fri, 24 Dec 2021 07:23:00 +0200