Page 43-Safety Programming Tutorials: Learn Safety Online-php.cn

current location：Home > Technical Articles > Operation and Maintenance > Safety

Direction：: All web3.0 Backend Development Web Front-end Database Operation and Maintenance Development Tools PHP Framework Daily Programming WeChat Applet Common Problem Other Tech CMS Tutorial Java System Tutorial Computer Tutorials Hardware Tutorial Mobile Tutorial Software Tutorial Mobile Game Tutorial

Classify：: phpstudy Windows Operation and Maintenance Mac OS Linux Operation and Maintenance Apache Nginx CentOS Docker Safety LVS vagrant debian zabbix kubernetes ssh fabric

Popular

New

Analysis of smali complex class examples in Android reverse engineering

1. If you don’t understand anything about complex Java classes, please see: JAVA General Outline or Construction Method and post the code here. It is very simple and not difficult. 2. Smali code We need to convert java code to smali code. You can refer to java to smali. We will look at it in modules. 2.1 The first module - information module. This module is basic information, describing the class name, etc. Just knowing it is not very helpful for analysis. 2.2 The second module - the construction method. Let's analyze it sentence by sentence. If there are repeated parts in the previous analysis, we will not repeat them. But a link will be provided. The sentence .methodpublicconstructor(Ljava/lang/String;I)V is divided into .m

Safety 1686 2023-05-12 16:22:13
EVE-NG Mirror Example Analysis

1. Download and decompress the compressed package ikuai-8.rar 2. Upload to the /opt/unetlab/addons/qemu directory 3. Log in to EVE via SSH and execute the script root@eve-ng:~#cd/opt/unetlab/addons /qemu/ikuai-8root@eve-ng:/opt/unetlab/addons/qemu/ikuai-8#sourceikuai.shGreat!!!"iKuaiDevice"importsuccessfully!!!root@eve-ng:/opt/unetl

Safety 1483 2023-05-12 15:40:06
How to use the network security audit tool Nmap

1. Software download https://nmap.org/download.html 2. Scan IPnmap192.168.1.10#Scan single IPnmap192.168.1.10-100#Scan IP segment nmap192.168.1.10192.168.1.11#Scan single multiple IPnmap192 .168.1.1/24#Scan the entire network segment nmap-iLlist.txt#Scan according to the file list#list.txt192.168.1.20192.168.1.21nmap-iR3#Randomly scan 3 IPsnmap192.168.1.10-100--ex

Safety 1186 2023-05-12 15:34:16
What are the fixes for PrestaShop website vulnerabilities?

There are more and more loopholes in the PrestaShop website. The website system is an open source system used by many foreign trade websites. From the previous initial version 1.0 to the current version 1.7, it has gone through many upgrades, and more and more people are using the system. There are many domestic foreign trade companies using this system. PrestaShop has high scalability, many templates, free switching of multiple currencies, and supports credit card and Paypal payment. It is the first choice for foreign trade websites. Just in the past few days, it was revealed that PrestaShop has a remote code injection vulnerability. This vulnerability has a relatively small scope of impact and is relatively harmful. It can upload a webshell to the root directory of the website. On November 7, 2018, PrestaShop officially released the latest

Safety 1713 2023-05-12 15:07:06
How to analyze UDP protocol

1. Socket: socket: ip address + port number. In the TCP/IP protocol, it uniquely identifies a process in network communication. Sockets are used to describe a one-to-one relationship between network connections. The TCP/IP protocol stipulates that network data flow should use big-endian byte order, that is, (memory) low address high byte (data). 2. UDP_SOCKET related UDP protocol----User Datagram Protocol (non-connection oriented)---SOCK_DGRAMh represents host, n represents network, l represents 32-bit long integer, and s represents 16-bit short integer. The IPv4 address format is defined in netinet/in.h, IPv4 address: sockadd

Safety 1440 2023-05-12 14:49:12
How to analyze data link protocols HDLC and PPP

1. Commonly used data link protocols (HDLC, PPP) (1) The idea of analyzing the protocol Step 1: Understand the overview of the protocol, know the purpose and basic characteristics of this protocol design Step 2: Use the protocol data unit (for the data link layer The format of the frame) is the main clue to study the specific implementation of the protocol. Step 3: How does the protocol solve practical problems? (2) HDLC protocol (Advanced Data Link Control Protocol) (bit-oriented protocol) HDLC protocol is a bit-oriented protocol, which mainly solves data link layer link management, addressing, frame synchronization, error control, and flow control , which has two characteristics: equilibrium system and non-equilibrium system. 1. Composition of HDLC: frame structure (syntax) procedure elements (syntax) rule type (semantics) usage

Safety 2610 2023-05-12 14:43:11
Example analysis of webshell uploaded traceability events

First of all, I understand that what I have to do is not to find where the uploaded location appears. I should log on to the server to perform webshel inspection and inspection to see if it has been invaded by others, whether there is a backdoor, etc. etc. Although the IP address reported is our company's IP address, if a few webshells are missed and uploaded successfully by others but not detected, what can we do if the server is invaded? So I went up to inspect the server, uploaded this webshell killing tool for killing, used netstat-anpt and iptables-L to determine whether there was a backdoor established, checked whether there was a mining program occupying the CPU, etc., I will not go into details here. . Fortunately, the server was not compromised, and then

Safety 1095 2023-05-12 14:43:06
An example analysis of mssql injection + whitelist upload to bypass 360

Information collection: The site is built using vue+aspx+iis8.5. The site login box has a version number and the word siteserver exists in the URL column, so it is suspected that it was built by cms, but I have not seen the cms. Using Google search, I found that the site was built with siteserver cms, the version is the latest, and the vulnerability provided on the Internet is This cannot be used. I tried injection + weak password + verification code bypass + unauthorized and other methods in the login box to no avail. Since I have a test account, I simply log in to the site directly for testing. The picture is the login picture I found online. The red box was the version number instead of the cms prompt. Functional test: After entering the background, I briefly browsed the functions, mostly for page management.

Safety 1708 2023-05-12 14:37:21
How to solve the vulnerability caused by misuse of html entities function

The question code is as follows: Vulnerability analysis: According to the meaning of the question, what is being investigated here should be an XSS vulnerability, and the vulnerability trigger point should be at lines 13-14 in the code. The function of these two lines of code is to directly output an html tag. In lines 3-5 of the code, the foreach loop processes the parameters passed in by $_GET, but there is a problem here. Let's take a look at the fourth line of code. This line of code performs type conversion on $value and forces it to be of type int. However, this part of the code only processes the $value variable and does not process the $key variable. After the code processing in lines 3-5, it is divided according to the & symbol, and then spliced into the echo statement in line 13. In the output

Safety 1504 2023-05-12 14:13:42
How to configure IPsec instructions

Experimental configuration steps: Phase 1: iaskmpSA (the objects to be protected by IKESA are related to keys) IKE does not directly care about user data, and IKESA is used for security negotiation IPSecSA services 1. Shared key or digital certificate IKE adopts Using the Diffie-Hellman algorithm, the key is calculated through the peer. Group1 The key length is 768 bits. Group2 The key length is 1024 bits. Group5 The key length is 1536 bits. The value of the key used for data encryption is calculated by the algorithm. It cannot be defined and modified by the administrator. 2. Verify neighbors (establish neighbors). Second phase: IPsecSA (the user’s data traffic is actually in

Safety 3420 2023-05-12 14:13:13
What is the overall architecture of MaxCompute access control?

Basic terminology project: project space, the basic unit that MaxCompute provides users with self-service management. Access control: Check whether a request is trustworthy and legal. ACL: Access control list, an expression of authorization. Policy: A rule-based authorization expression. Role: A collection of permissions used to implement role-based permission management. LabelSecurity: Label-based access control, used to implement column-level permission management. ProjectProtection: Project space protection, used to enable data flow access control. TruestedProject: Trusted project space, used for project space data flow access control authorization. Exceed

Safety 1453 2023-05-12 13:22:06
What does VLAN frame format refer to?

Type/TPID: When the value is 0x8100, it represents an 802.1QTag frame; this field is also called "TPID (TagProtocolIdentifier, tag protocol identifier)" PRI: represents the priority of the frame, the value range is 0~7, the larger the value, the priority The higher the CFI: CanonicalFormatIndicator classic format indicator, indicating whether the MAC address is in the classic format. A CFI of 0 indicates a standard format, a CFI of 1 indicates a non-standard format, and the CFI value of Ethernet is 0. VID: Configurable VLANID value range It is 1 to 4094. 0 and 4095 are reserved VLANIDs specified in the protocol.

Safety 2255 2023-05-12 12:52:22
What is the sqlmap _dns injection configuration method?

There are too few related articles on dns injection for sqlmap on the Internet. They only briefly introduce the --dns-domain parameter. The relevant practical articles are either vague or mentioned in one stroke, which is confusing (mainly dishonest, the key is not yet Big boss). Then I did it again by referring to the methods on the Internet. Things that need to be prepared include one sqlmap, windows blind injection, two domain names, and an external network server. One time when I was doing something, I came across a time blind injection. It happened to be a Windows machine, and I remembered the method of dns injection. Before starting, I plan to use the --sql-shell command of sqlmap to test the dns injection payload. First, go to burpsuite.

Safety 1463 2023-05-12 12:25:06
How to implement analysis of sqlmap time-based inject

1. Preface How to detect SQL injection? My answer is: When Party A is doing security, SQL injection detection is relatively easy to do. 1) Error injection detection. 2) Don’t inject bool error reports as false positives are relatively high. 3) Do time-based time injection, contact operation and maintenance to do slow log db recording, monitor sleep, and benchmark keyword monitoring. You can add the ID number of the scanning task to the decimal point of the sleep time to facilitate positioning. (p.s. This method can find 99% of SQL injections) Therefore, when doing time-based time injection, I limit the time error very harshly. However, @chengable is doing security-related work in Party B, based on t

Safety 872 2023-05-12 12:10:06
Analysis of unsafe decompression GetShell instances discovered through traceability

Recently, when we helped a client trace an intrusion incident, we discovered that the hacker used the website's "ZIP decompression function" to upload a Webshell before gaining access to the server. Because this leakage exploitation method is relatively representative in terms of "attack payload structure" and "actual decompression path", and the industry still does not pay enough attention to the "unsafe decompression" vulnerability. Therefore, we wrote this report, in which we explain the process of intrusion tracing and vulnerability discovery, and put forward some security suggestions from the two dimensions of security development and security dog product protection solutions, hoping to benefit the industry. It is worth noting that although the CMS has made relevant defense configurations, if you directly write the JSP file in the root directory of the CMS, it will not be executed and a 403 error will be reported.

Safety 1085 2023-05-12 11:19:11

...

Top ten trading apps in Hong Kong currency circle Top ten digital currency apps in Hong Kong trading platform

Ranking of the top ten safe virtual currency app trading software. The latest list of the top ten virtual currency APP trading platforms.

7 2025-01-16
What are the safe and easy-to-use exchange platforms? Ranking of the top ten digital currency exchange platforms

10 2025-01-17
Top 10 easy-to-use and safe digital currency exchanges in 2025

5 2025-01-16
How to buy and sell Bitcoin? Bitcoin Trading Tutorial

3 2024-03-02
Which platforms can buy and sell Bitcoin in China? Top ten domestic Bitcoin trading software apps

5 2024-02-06
In-depth analysis of what currency USDT belongs to

1 2024-01-30
How much is one Bitcoin worth in RMB?

3 2024-02-18
Reasons for Bitcoin's plunge

5 2024-04-18
Ranking of the top ten crypto-to-crypto trading apps. List of the top ten crypto-to-crypto exchanges.

4 2024-03-13

Course Classification

Tool Recommendations

jQuery enterprise message form contact code

jQuery enterprise message form contact code is a simple and practical enterprise message form and contact us introduction page code.

form button

2024-02-29

HTML5 MP3 music box playback effects

HTML5 MP3 music box playback special effect is an mp3 music player based on HTML5 css3 to create cute music box emoticons and click the switch button.

Player special effects

2024-02-29

HTML5 cool particle animation navigation menu special effects

HTML5 cool particle animation navigation menu special effect is a special effect that changes color when the navigation menu is hovered by the mouse.

Menu navigation

2024-02-29

jQuery visual form drag and drop editing code

jQuery visual form drag and drop editing code is a visual form based on jQuery and bootstrap framework.

form button

2024-02-29

Organic fruit and vegetable supplier web template Bootstrap5

An organic fruit and vegetable supplier web template-Bootstrap5

Bootstrap template

2023-02-03

Bootstrap3 multifunctional data information background management responsive web page template-Novus

backend template

2023-02-02

Real estate resource service platform web page template Bootstrap5

Bootstrap template

2023-02-02

Simple resume information web template Bootstrap4

Bootstrap template

2023-02-02

Cute summer elements vector material (EPS PNG)

This is a cute summer element vector material, including the sun, sun hat, coconut tree, bikini, airplane, watermelon, ice cream, ice cream, cold drink, swimming ring, flip-flops, pineapple, conch, shell, starfish, crab, Lemons, sunscreen, sunglasses, etc., the materials are provided in EPS and PNG formats, including JPG previews.

PNG material

2024-05-09

Four red 2023 graduation badges vector material (AI EPS PNG)

This is a red 2023 graduation badge vector material, four in total, available in AI, EPS and PNG formats, including JPG preview.

PNG material

2024-02-29

Singing bird and cart filled with flowers design spring banner vector material (AI EPS)

This is a spring banner vector material designed with singing birds and a cart full of flowers. It is available in AI and EPS formats, including JPG preview.

banner picture

2024-02-29

Golden graduation cap vector material (EPS PNG)

This is a golden graduation cap vector material, available in EPS and PNG formats, including JPG preview.

PNG material

2024-02-27

Home Decor Cleaning and Repair Service Company Website Template

Home Decoration Cleaning and Maintenance Service Company Website Template is a website template download suitable for promotional websites that provide home decoration, cleaning, maintenance and other service organizations. Tip: This template calls the Google font library, and the page may open slowly.

Front-end template

2024-05-09

Fresh color personal resume guide page template

Fresh color matching personal job application resume guide page template is a personal job search resume work display guide page web template download suitable for fresh color matching style. Tip: This template calls the Google font library, and the page may open slowly.

Front-end template

2024-02-29

Designer Creative Job Resume Web Template

Designer Creative Job Resume Web Template is a downloadable web template for personal job resume display suitable for various designer positions. Tip: This template calls the Google font library, and the page may open slowly.

Front-end template

2024-02-28

Modern engineering construction company website template

The modern engineering and construction company website template is a downloadable website template suitable for promotion of the engineering and construction service industry. Tip: This template calls the Google font library, and the page may open slowly.

Front-end template

2024-02-28

Recommended Articles

Course Classification

Tool Recommendations