Summarized by [geek challenge 2019]RCE ME disable_functions bypass

Source code: <?php error_reporting(0); if(isset($_GET['code'])){ $code=$_GET['code']; if(strlen($code)>40){ die("This is too Long."); } if(preg_match("/[A-Za-z0-9]+/",$code)){ die("NO."); } @eval($code); }else ...

Added by Ofro04 on Tue, 01 Feb 2022 11:38:04 +0200

Summary of Linux privilege escalation (sudo, polkit)

Summary of Linux polkit privilege escalation. As soon as I was about to take my annual leave, I received a regulatory vulnerability alert - "pkexec program in Linux Polkit has a privilege escalation vulnerability (vulnerability number: CVE-2021-4034). The pkexec application is a preinstalled tool for Linux systems, and the vulnerability affects main ...

Added by texmansru47 on Mon, 31 Jan 2022 22:18:08 +0200

Various postures to deal with privacy detection

Background: Last November, our team announced its dissolution, but due to the problem of privacy supervision, we have to maintain the last version to meet the requirements of privacy supervision. I am mainly responsible for the privacy issues of our team. Looking back on this year, I was really tossed about by various privacy issues, Fortun ...

Added by angryjohnny on Sun, 30 Jan 2022 19:55:01 +0200

File upload bypass summary

File upload bypass. There are two kinds: one is based on code restriction and the other is based on firewall. In fact, generally speaking, the two are similar. They both detect the legitima ...

Added by simon551 on Sun, 30 Jan 2022 01:45:28 +0200

WEB Security: DNSlog SQL injection

Solemnly declare: This note is only prepared for the purpose of improving safety knowledge and sharing safety knowledge with more people. Do not use the technology in the note for illegal activities. The consequences caused by using the technology in the note have nothing to do with the author himself. We advocate that everyone is responsible f ...

Added by astaroth on Sat, 29 Jan 2022 07:18:40 +0200

Near source penetration test

Write in front. Blog home page: Scorpio_m7. This article is an original by Scorpio_m7, first published on CSDN! Starting time: January 28, 2022. Persistence and hard work will surely bring poetry and distance! The author's level is very limited. If y ...

Added by walnoot on Sat, 29 Jan 2022 02:34:03 +0200

OpenSSL 3.0 learning 3: encryption library provider

Blog home page: Actor's blog. Look forward to communicating together! The author's level is very limited. If you find an error, please let me know. Thank you! If you have any questions, you can communicate by private letter!!! OpenSSL pro ...

Added by guilhenfsu on Fri, 28 Jan 2022 03:39:52 +0200

Compliance baseline / safety compliance inspection is enough! (unfinished)

xdm! I'm back! Fight the undead cockroach, fight the undead Li Qiang. Compliance baseline: Host security compliance check. This article contains 16 common safety compliance checks! Xiao Li said: Search and replace files. Syntax: sed option 's/search content/replace content/action' file. Where s: represents search; /: separator (can be cus ...

Added by Xurion on Fri, 28 Jan 2022 01:15:42 +0200

Detailed explanation of actual combat in DC-3 shooting range

Environmental installation: The old version of DC-3 was installed several times before, and nmap couldn't scan the machine. Later, I thought about it for a long time and couldn't find the problem. Then I went to the official website and downloaded it again. Official website address: https://www.vulnhub.com/entry/dc-32,312/ Both KALI and ...

Added by thebluebus on Wed, 26 Jan 2022 17:31:36 +0200

SSRF vulnerability description

SSRF is a security vulnerability in which an attacker constructs a request and the server initiates the request. Generally, the target of an SSRF attack is an internal system that cannot be accessed from the external network. Principle of SSRF vulnerability: SSRF is mostly formed because the server provides the function of obtaining data from other ...

Added by apsomum on Wed, 26 Jan 2022 06:18:02 +0200