Introduction to CTFSHOW web 21-28

CTFSHOW brute force [21-28]. Web21: You can see that the selected text ("-> decoded from") is decoded by Base64. The format of the account password is [username]:[password], so we can use a custom payload in the Intruder module. Position 1: admin. Position 2: (:) is a colon and does not need parentheses (they are only there to make it easy to see). Position 3: you can use the ...

Added by foxy69 on Sat, 11 Dec 2021 12:23:41 +0200

DS_Store file leak

What is .DS_Store? .DS_Store is a hidden file that Mac OS uses to save custom properties of folders, such as the icon positions or the background color, which is equivalent to desktop.ini on Windows. The side effect of deleting it is the loss of this information. When exchanging files with others (or when your web page needs to be uploaded), you s ...

Added by kaeserea on Wed, 01 Dec 2021 02:01:13 +0200

Pikachu PHP deserialization

A previous article, Principle of php deserialization, introduced it in detail, so no more here. Do some practice in this shooting range. 0x01 source code audit: At present, my understanding is that mining deserialization requires knowing the details of the classes, objects and parameters of the interface, and the magic method. The call here is re ...

Added by MetaDark on Fri, 26 Nov 2021 14:28:40 +0200

xss command summary

1: Normal construction mode: 1. No filter, write directly:<script>alert(1)</script> 2. Normal truncation: "> <script>alert(1)</script> '> <script>alert(1)</script> 3. No < > angle brackets " onmouseover=alert(1) Space ' onmouseover=alert(1) Space ' onclick=alert(1) Space " onfocus=alert(1) ...

Added by zypher11 on Sat, 20 Nov 2021 21:22:44 +0200

2021-11-13 encryption and decryption, secondary, load_file&dnslog injection

Xiaodi v17. Encryption and decryption: sqlilabs-page2-less21. You can see that the cookie has been base64 processed. Use error injection: ')union select 1,count(*),concat((select table_name from information_schema.tables where table_schema=database() limit 0,1),floor(rand()*2))x from information_schema.tables group by x# base64 encryption ...

Added by siwelis on Wed, 17 Nov 2021 13:11:45 +0200

Research and idea of avoiding killing by bypassing AMSI

What is AMSI? Antimalware Scan Interface (AMSI) is an anti-malware scanning interface. Microsoft describes its purpose: The Windows antimalware scanning interface (AMSI) is a common interface standard that allows your applications and services to integrate with any antimalware products that exist on your machine. AMSI provides enhanced malw ...

Added by steeveherris on Fri, 12 Nov 2021 00:41:37 +0200

The Ethernet node RPC port is open to the network security configuration being attacked

Ethereum supports RPC mode. When this mode is enabled, the Ethereum account can automatically complete some operations, such as automatic transfer to the wallet after mining coins in a mining pool. Attackers mainly exploit open RPC ports, so node operators can protect themselves by restricting access to RPC ports. 1. The following main attack methods are analyz ...

Added by uatec on Mon, 25 Oct 2021 10:05:28 +0300

Principle analysis of JAVA deserialization vulnerability

Principle analysis of deserialization vulnerability. Start with serialization and deserialization. What are serialization and deserialization? In short, serialization is the process of converting an object into a byte sequence (that is, a form that can be stored or transmitted), while deserialization is its inverse operation, that is, the pro ...

Added by ShaileshD on Tue, 12 Oct 2021 08:44:30 +0300

Security vulnerability analysis of Weblogic12c T3 protocol

Preface: WebLogic is an application server produced by the American company Oracle, specifically a middleware based on the Java EE architecture. A Java application server is mainly used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. In recent years, many RCE vulnerabilitie ...

Added by chriscloyd on Sat, 02 Oct 2021 21:53:28 +0300

ctfhub skill tree WEB(SQL injection and file upload)

Injection. 1. Determine the injection type: 1 and 1=1 gives normal output; 1 and 1=2 gives no output (numeric injection). 2. Guess the number of fields: 1 order by 2, the page echoes normally; 1 order by 3, the page has no echo; the number of fields is 2. 3. View the display bit: -1 union select 1,2; the display bit is Data. 4. View data ...

Added by tharagleb on Tue, 21 Sep 2021 22:15:36 +0300