[Web security] Summary of phpMyAdmin back-end getshell techniques

Preface: phpMyAdmin is a PHP-based MySQL database management tool that runs on the web server. It lets administrators manage MySQL databases through a web interface. Its simple, easy-to-use web-based graphical interface has made it popular with website administrators. When we get the MySQL account and password through other ...

Added by jasonok6 on Sat, 01 Jan 2022 03:48:11 +0200

Second-order SQL injection

Contents: 1. Principle (second-order injection process); 2. Experimental process: (1) view the initial users table, (2) register a user, (3) modify the user's password; 3. Cause (specific code); 4. Defensive measures. 1. Principle: Second-order injection can be understood as the injection caused by the malicious data constructed by the attacker being st ...

Added by urgido on Thu, 30 Dec 2021 21:11:53 +0200

Fastjson <= 1.2.24 JdbcRowSetImpl exploit chain analysis

Preface: The previous article analyzed the TemplatesImpl exploit chain and the fastjson parseObject function to understand the whole process of triggering the vulnerability; this one studies the JdbcRowSetImpl exploit chain. The JdbcRowSetImpl exploit chain is widely used in practice. There are basically no restrictions on this cha ...

Added by SCRUBBIE1 on Thu, 30 Dec 2021 06:11:17 +0200

[pwn learning] Format string vulnerability

What is a format string vulnerability? A format string function accepts a variable number of arguments, takes the first argument as the format string, and parses the remaining arguments according to it. Generally speaking, a format string function converts data represented in computer memory into a human-readable string format. Al ...

Added by jiayanhuang on Wed, 29 Dec 2021 18:52:22 +0200

Reverse engineering series | AES encryption reversing case analysis

AES encryption details. Introduction: the Advanced Encryption Standard (AES), also known in cryptography as the Rijndael encryption method, was released by the US National Institute of Standards and Technology (NIST) in 2001 and became an effective standard in ...

Added by WiseGuy on Wed, 29 Dec 2021 17:15:47 +0200

ATT&CK red team evaluation actual combat range-1 (the smallest in the whole network)

Statement: this series was first published on the official account "Xuan Xuan is safe"; please indicate the source when reprinting. The contents of this official account are only for technical discussion among network enthusiasts. All penetration testing and use of tools requires authorization, and must not be used through illegal channels. Otherwise, the official account and author will not ...

Added by Seol on Sat, 25 Dec 2021 12:05:41 +0200

Part of the first "Hecheng Cup" Henan Hebi CTF network security challenge

The first "Hecheng Cup" Henan Hebi CTF network security challenge Official account: Th0r security 1 $ tshark -r timu.pcapng http|grep ' GET ' > timu-get $ for i in `seq 1 30`; do a=`grep "),$i,1)" timu-get|tail -1|cut -d= -f3|cut -d- -f1`;b=`printf "%x" $a`;echo -n $b; done 666c61677b77317265736841524b5f657a5f31736e74697 ...

Added by chadu on Sat, 25 Dec 2021 04:47:16 +0200

New upload-labs 1-19 walkthrough ideas

upload.test. Pass-01: Delete the check method return checkFile(). If the browser does not allow you to modify the front-end code, use a packet capture tool to modify it, then upload a sentence. Pass-02: Back-end verification of the content type. Change the type to image/jpeg. Pass-03: php:: D ...

Added by karq on Fri, 24 Dec 2021 07:23:00 +0200

CORS vulnerability detection and exploitation

CORS vulnerability detection and exploitation. Cross-origin resource sharing (CORS) is a new feature of HTML5. It is supported by all browsers. Unlike CORS, the older JSONP supports only GET requests. Detection method: 1. Use curl to request the website: curl https://www.junsec.com -H "Origin: https://test.com" -I Check whether the acces ...

Added by YOUAREtehSCENE on Fri, 17 Dec 2021 11:22:00 +0200

Android APK hardening methods

Where there are people, there is competition. The development of Android has been accompanied by the development of reverse engineering and security hardening. Reverse engineers can speed up their work with some very easy-to-use software, such as IDA and JEB; application developers also use various means to prevent reverse engineers from reve ...

Added by diesel on Wed, 15 Dec 2021 00:01:49 +0200