A security vulnerability analysis
Vulnerability analysis
The environment is built with vulhub. The version is Confluence Server 6.10.2.
Widget Connector is a plug-in of Confluence. Compare the plug-in before and after the fix:
Left: Confluence 6.13.0; right: 6.13.3
widgetconnector-3.1.0.jar!\com\atlassian\confluence\extra\widgetconnector\WidgetMacro.class
You can see that th ...
Added by romeo on Sat, 15 Jan 2022 02:27:52 +0200
File upload (11-19)
Today, I saw the source code of the shooting range uploaded by the file, all of which have flag files
Looks like I lost a billion
Simply put the source code on the small skin of the virtual machine (because the machine has a mysql environment, it is not willing to delete, but also useful)
A new station was established with the help o ...
Added by celavi on Thu, 13 Jan 2022 15:59:23 +0200
High-version JDK bypass of JNDI injection in Java deserialization
The leaders in the group have fun. Take out the vegetable chicken, sort it out and study it, and fry some cold rice.
It mainly includes the following three parts:
JNDI injection principle
JNDI injection and deserialization
JNDI injection and JDK version
JNDI injection principle:
JNDI (Java Naming and Directory Interface), a set of Java EE stan ...
Added by xconspirisist on Tue, 11 Jan 2022 13:17:44 +0200
Common network security terminology
1. Black hat
A person who hacks for illegal purposes, usually for economic gain. They break into secure networks to destroy, ransom, modify or steal data, or to make the network unavailable to authorized users. The name comes from the fact that villains in old-fashioned black-and-white western films are easily recognized by film viewers because ...
Added by GiaTuan on Sun, 09 Jan 2022 03:36:27 +0200
Domain penetration of three-layer network protection
Environmental preparation
Network topology
The network topology is as follows:
Configure network card
Since the address of the virtual machine is hard-coded, problems are likely to occur if it is changed. Therefore, directly create two network cards, vm18 and vm19, and specify the following subnet addresses
For a web serve ...
Added by gdhanasekar on Fri, 07 Jan 2022 13:54:32 +0200
CVE-2021-45232 Apache APISIX unauthorized access to RCE
00x1 vulnerability environment
Apache APISIX Dashboard versions 2.7 - 2.10 are affected
Build an environment in docker by pulling git
git clone https://github.com/apache/apisix-docker
Note that you need to change the yml file to version 2.7
Then use docker to build it
00x2 attack process
After the environment runs, it successfully ...
Added by hobeau on Wed, 05 Jan 2022 16:47:35 +0200
Huxiang cup 2021 Pastebin recurrence learning
1, Introduction to Service Worker
Service Worker can be understood as a proxy server between the client and the server. When a Service Worker is registered in the website, it can intercept the request and judge whether to send the request to the server or directly return it to the client through t ...
Added by ashutosh.titan on Wed, 05 Jan 2022 16:08:44 +0200
Explanation of CSRF and SSRF vulnerability cases - day29
[CSRF & SSRF] - explanation of vulnerability cases - day29
1, CSRF - Cross Site Request Forgery Attack
1. Explain
CSRF vulnerability explanation, principle
CSRF(Cross-site request forgery)
Cross Site Request Forgery, initiated by the client, is an attack method of hijacking trusted users to send unexpected requests to the server XSS Si ...
Added by inkfish on Tue, 04 Jan 2022 11:17:00 +0200
SpringSecurity Filter CsrfFilter
CSRF (Cross-site request forgery), also known as one-click attack or session riding, abbreviated as CSRF/XSRF.
You can understand CSRF attacks as follows: an attacker steals your identity and sends malicious requests on your behalf. CSRF can do things like send mail on your behalf, send messages, steal yo ...
Added by BinaryDragon on Mon, 03 Jan 2022 22:17:47 +0200
Geek peak 2021 web opcode
preface
After hitting the peak of geeks, talk about your feelings: it's really becoming more and more delicious?? They didn't sign in and didn't leave. They scored 0 directly, which was worse than when they first started
There are two Pwns, one five or six libc + two executable files. They don't bother to decompress them. A malloc direc ...
Added by deezerd on Sun, 02 Jan 2022 04:11:18 +0200