Programming VIP

[npuctf2020] ezlogin XPath injection learning After entering this question, there is a simple login page. I took the imperial sword and didn't sweep out anything else. I tried a simple sql injection and didn't show any echo. If it exploded, he had a token that was refreshing all the time, so it would be a little troublesome. I shouldn't take t ...

The following picture shows the little sister pointed by the blogger! Hee hee! 1, What is sql injection SQL injection is one of the more common network attacks. It does not use the BUG of the operating system to realize the attack, but for the negligence of programmers when writing, it realizes no account login and even tampers with the ...

Last time I wrote an article about SQL injection, someone said that SQL injection is outdated!!! preface: This time, four interesting practical cases are used: Hard - common getshell Fast - fast error injection Quasi - injected under the limit of character length 100 Around – around a university safety dog Although there are only four ...

Principle of SQL injection vulnerability The principle of SQL injection vulnerability is that developers do not effectively filter and judge the legitimacy of the controllable parameters entered by the attacker in the process of coding and developing web applications, resulting in the attacker taking advantage of the controllable malicious ...

catalogue 1. Principle Secondary injection process 2. Experimental process (1) View initial users table (2) Registered user (3) Modify user password 3. Cause   Specific code 4. Defensive measures 1. Principle Secondary injection can be understood as the injection caused by the malicious data constructed by the attacker being st ...