Community
Learn
Tools Library
AI Tools
Leisure
search
English

current location:Home > Technical Articles > Operation and Maintenance > Safety

Direction:
All web3.0 Backend Development Web Front-end Database Operation and Maintenance Development Tools PHP Framework Daily Programming WeChat Applet Common Problem Other Tech CMS Tutorial Java System Tutorial Computer Tutorials Hardware Tutorial Mobile Tutorial Software Tutorial Mobile Game Tutorial
Classify:
Popular
New
  • How to solve the vulnerability caused by misuse of html entities function
    How to solve the vulnerability caused by misuse of html entities function
    The question code is as follows: Vulnerability analysis: According to the meaning of the question, what is being investigated here should be an XSS vulnerability, and the vulnerability trigger point should be at lines 13-14 in the code. The function of these two lines of code is to directly output an html tag. In lines 3-5 of the code, the foreach loop processes the parameters passed in by $_GET, but there is a problem here. Let's take a look at the fourth line of code. This line of code performs type conversion on $value and forces it to be of type int. However, this part of the code only processes the $value variable and does not process the $key variable. After the code processing in lines 3-5, it is divided according to the & symbol, and then spliced ​​into the echo statement in line 13. In the output
    Safety 1709 2023-05-12 14:13:42
  • How to configure IPsec instructions
    How to configure IPsec instructions
    Experimental configuration steps: Phase 1: iaskmpSA (the objects to be protected by IKESA are related to keys) IKE does not directly care about user data, and IKESA is used for security negotiation IPSecSA services 1. Shared key or digital certificate IKE adopts Using the Diffie-Hellman algorithm, the key is calculated through the peer. Group1 The key length is 768 bits. Group2 The key length is 1024 bits. Group5 The key length is 1536 bits. The value of the key used for data encryption is calculated by the algorithm. It cannot be defined and modified by the administrator. 2. Verify neighbors (establish neighbors). Second phase: IPsecSA (the user’s data traffic is actually in
    Safety 3474 2023-05-12 14:13:13
  • What is the overall architecture of MaxCompute access control?
    What is the overall architecture of MaxCompute access control?
    Basic terminology project: project space, the basic unit that MaxCompute provides users with self-service management. Access control: Check whether a request is trustworthy and legal. ACL: Access control list, an expression of authorization. Policy: A rule-based authorization expression. Role: A collection of permissions used to implement role-based permission management. LabelSecurity: Label-based access control, used to implement column-level permission management. ProjectProtection: Project space protection, used to enable data flow access control. TruestedProject: Trusted project space, used for project space data flow access control authorization. Exceed
    Safety 1544 2023-05-12 13:22:06
  • What does VLAN frame format refer to?
    What does VLAN frame format refer to?
    Type/TPID: When the value is 0x8100, it represents an 802.1QTag frame; this field is also called "TPID (TagProtocolIdentifier, tag protocol identifier)" PRI: represents the priority of the frame, the value range is 0~7, the larger the value, the priority The higher the CFI: CanonicalFormatIndicator classic format indicator, indicating whether the MAC address is in the classic format. A CFI of 0 indicates a standard format, a CFI of 1 indicates a non-standard format, and the CFI value of Ethernet is 0. VID: Configurable VLANID value range It is 1 to 4094. 0 and 4095 are reserved VLANIDs specified in the protocol.
    Safety 2334 2023-05-12 12:52:22
  • What is the sqlmap _dns injection configuration method?
    What is the sqlmap _dns injection configuration method?
    There are too few related articles on dns injection for sqlmap on the Internet. They only briefly introduce the --dns-domain parameter. The relevant practical articles are either vague or mentioned in one stroke, which is confusing (mainly dishonest, the key is not yet Big boss). Then I did it again by referring to the methods on the Internet. Things that need to be prepared include one sqlmap, windows blind injection, two domain names, and an external network server. One time when I was doing something, I came across a time blind injection. It happened to be a Windows machine, and I remembered the method of dns injection. Before starting, I plan to use the --sql-shell command of sqlmap to test the dns injection payload. First, go to burpsuite.
    Safety 1510 2023-05-12 12:25:06
  • How to implement analysis of sqlmap time-based inject
    How to implement analysis of sqlmap time-based inject
    1. Preface How to detect SQL injection? My answer is: When Party A is doing security, SQL injection detection is relatively easy to do. 1) Error injection detection. 2) Don’t inject bool error reports as false positives are relatively high. 3) Do time-based time injection, contact operation and maintenance to do slow log db recording, monitor sleep, and benchmark keyword monitoring. You can add the ID number of the scanning task to the decimal point of the sleep time to facilitate positioning. (p.s. This method can find 99% of SQL injections) Therefore, when doing time-based time injection, I limit the time error very harshly. However, @chengable is doing security-related work in Party B, based on t
    Safety 933 2023-05-12 12:10:06
  • Analysis of unsafe decompression GetShell instances discovered through traceability
    Analysis of unsafe decompression GetShell instances discovered through traceability
    Recently, when we helped a client trace an intrusion incident, we discovered that the hacker used the website's "ZIP decompression function" to upload a Webshell before gaining access to the server. Because this leakage exploitation method is relatively representative in terms of "attack payload structure" and "actual decompression path", and the industry still does not pay enough attention to the "unsafe decompression" vulnerability. Therefore, we wrote this report, in which we explain the process of intrusion tracing and vulnerability discovery, and put forward some security suggestions from the two dimensions of security development and security dog ​​product protection solutions, hoping to benefit the industry. It is worth noting that although the CMS has made relevant defense configurations, if you directly write the JSP file in the root directory of the CMS, it will not be executed and a 403 error will be reported.
    Safety 1135 2023-05-12 11:19:11
  • How to configure Apache
    How to configure Apache
    Apache's configuration is configured by the httpd.conf file, so the following configuration instructions are modified in the httpd.conf file. Main site configuration (basic configuration) (1) Basic configuration: ServerRoot "/mnt/software/apache2" #The location where your apache software is installed. If no absolute path is specified for other specified directories, the directories are relative to this directory. PidFilelogs/httpd.pid#The process number file location of the first httpd process (the parent process of all other processes). Listen80#The port number that the server listens to. ServerNamewww.cl
    Safety 1018 2023-05-12 11:13:19
  • What is the basic topology used by Ethernet?
    What is the basic topology used by Ethernet?
    The topology of Ethernet is "bus type"; the topology used by Ethernet is basically bus type. The bus topology uses a single cable trunk as a public transmission medium, and all computers in the network are directly connected to each other through corresponding hardware interfaces and cables. Shared bus; the bus topology needs to ensure that there are no conflicts when data is eventually sent. What is the topology of Ethernet? The topology of Ethernet is "bus type". The topology used by Ethernet is basically a bus type. The bus topology uses a single cable trunk as a public transmission medium, and all computers in the network are directly connected to the shared bus through corresponding hardware interfaces and cables; the bus topology needs to ensure that when data is finally sent There is no conflict. Ethernet is the most common type of computer network in the real world. There are two types of Ethernet:
    Safety 2413 2023-05-12 10:52:12
  • How to compare crawlergo, rad, burpsuite and awvs crawlers
    How to compare crawlergo, rad, burpsuite and awvs crawlers
    Preface I have been writing code recently, which involves web crawling links. I came across this article on Baidu: superSpider. Suddenly I was curious about the capabilities of common crawler tools and crawler modules in scanners, so I came to test it. The main test is a blind crawler handwritten by myself, as well as crawlergo, rad, burpsuiteprov202012, and awvs2019. The handwritten benchmark crawler only grabs the href under the a tag and the src under the script tag; fromurllib.parseimporturlparse, urljoinfrombs4importBeautifulSoupimpor
    Safety 1583 2023-05-12 10:49:13
  • How to use exp for SQL error injection
    How to use exp for SQL error injection
    0x01 Preface Overview The editor discovered another Double data overflow in MySQL. When we get the functions in MySQL, the editor is more interested in the mathematical functions. They should also contain some data types to save values. So the editor ran to test to see which functions would cause overflow errors. Then the editor discovered that when a value greater than 709 is passed, the function exp() will cause an overflow error. mysql>selectexp(709);+-----------------------+|exp(709)|+---------- ------------+|8.218407461554972
    Safety 1904 2023-05-12 10:16:12
  • What does it mean when dhcp is not enabled?
    What does it mean when dhcp is not enabled?
    Not enabling dhcp means that the computer has not been set to automatically obtain an IP address, causing Internet access errors. The solution is: 1. Press the key combination "win+r" to open the run window, enter "services.msc" and press Enter; 2. After bringing up the service window, find the "DHCPClient" service and double-click it to open it; 3. After opening the dhcp service, change its activation type to automatic and the service status to started, and then press OK to save the settings. What does it mean if dhcp is not enabled? This means that the computer is not set to automatically obtain an IP address, causing Internet access errors. DHCP (Dynamic Host Configuration Protocol) is a network protocol for local area networks. It refers to a range of IP addresses controlled by the server, which can be accessed when the client logs in to the server.
    Safety 6631 2023-05-12 10:16:05
  • How to analyze and bypass reCAPTCHA verification during Tumblr user registration process
    How to analyze and bypass reCAPTCHA verification during Tumblr user registration process
    Hello everyone, the writeup shared below was discovered by the author during the Tumblr user registration process, and Tumblr's "human-machine authentication" mechanism (reCAPTCHA) is flawed and can be easily bypassed. The security risk caused by this bypass is that malicious attackers can create a large number of fake social accounts and enumerate usernames and emails for the accounts, which indirectly leads to abnormal traffic in the Tumblr website application and even leaks of user information. I share my understanding and experience of vulnerability testing. On June 16 last year, during the hackathon competition held by HackerOne in London, the bounty paid for discovering vulnerabilities exceeded US$80,000. Vulnerability public testing is indeed an industry with a promising future. For public testing platforms, there are organizations that provide bounties
    Safety 2058 2023-05-12 10:04:11
  • How to reproduce the RCE vulnerability of unauthorized access to the XXL-JOB API interface
    How to reproduce the RCE vulnerability of unauthorized access to the XXL-JOB API interface
    XXL-JOB Description XXL-JOB is a lightweight distributed task scheduling platform. Its core design goals are rapid development, easy learning, lightweight, and easy expansion. The source code is now open and connected to the online product lines of many companies, ready to use out of the box. 1. Vulnerability details The core issue of this vulnerability is GLUE mode. XXL-JOB supports multi-language and script tasks through "GLUE mode". The task features of this mode are as follows: ●Multi-language support: supports Java, Shell, Python, NodeJS, PHP, PowerShell... and other types. ●WebIDE: Tasks are maintained in the dispatch center in source code mode and support online development and maintenance through WebIDE. ●Dynamic effective: user online communication
    Safety 5464 2023-05-12 09:37:05
  • How to perform security configuration to turn off detailed content display on iis error page
    How to perform security configuration to turn off detailed content display on iis error page
    For web security, prevent *** from obtaining useful information through web error page information, turn off the iis error page to display detailed content 1. Open the iis function view, open the error page, click Edit function, set the default to detailed error, select custom error
    Safety 1654 2023-05-12 09:28:13

Recommended Articles

Sesame Open Door Exchange Web Page Registration Link Gate Trading App Registration Website Latest

Sesame Open Door Exchange Web Page Registration Link Gate Trading App Registration Website Latest

Course Classification

Tool Recommendations

jQuery enterprise message form contact code

jQuery enterprise message form contact code

jQuery enterprise message form contact code is a simple and practical enterprise message form and contact us introduction page code.
form button
2024-02-29
HTML5 MP3 music box playback effects

HTML5 MP3 music box playback effects

HTML5 MP3 music box playback special effect is an mp3 music player based on HTML5 css3 to create cute music box emoticons and click the switch button.
Player special effects
2024-02-29
HTML5 cool particle animation navigation menu special effects

HTML5 cool particle animation navigation menu special effects

HTML5 cool particle animation navigation menu special effect is a special effect that changes color when the navigation menu is hovered by the mouse.
Menu navigation
2024-02-29
jQuery visual form drag and drop editing code

jQuery visual form drag and drop editing code

jQuery visual form drag and drop editing code is a visual form based on jQuery and bootstrap framework.
form button
2024-02-29
Organic fruit and vegetable supplier web template Bootstrap5

Organic fruit and vegetable supplier web template Bootstrap5

An organic fruit and vegetable supplier web template-Bootstrap5
Bootstrap template
2023-02-03
Bootstrap3 multifunctional data information background management responsive web page template-Novus

Bootstrap3 multifunctional data information background management responsive web page template-Novus

Bootstrap3 multifunctional data information background management responsive web page template-Novus
backend template
2023-02-02
Real estate resource service platform web page template Bootstrap5

Real estate resource service platform web page template Bootstrap5

Real estate resource service platform web page template Bootstrap5
Bootstrap template
2023-02-02
Simple resume information web template Bootstrap4

Simple resume information web template Bootstrap4

Simple resume information web template Bootstrap4
Bootstrap template
2023-02-02
Cute summer elements vector material (EPS PNG)

Cute summer elements vector material (EPS PNG)

This is a cute summer element vector material, including the sun, sun hat, coconut tree, bikini, airplane, watermelon, ice cream, ice cream, cold drink, swimming ring, flip-flops, pineapple, conch, shell, starfish, crab, Lemons, sunscreen, sunglasses, etc., the materials are provided in EPS and PNG formats, including JPG previews.
PNG material
2024-05-09
Four red 2023 graduation badges vector material (AI EPS PNG)

Four red 2023 graduation badges vector material (AI EPS PNG)

This is a red 2023 graduation badge vector material, four in total, available in AI, EPS and PNG formats, including JPG preview.
PNG material
2024-02-29
Singing bird and cart filled with flowers design spring banner vector material (AI EPS)

Singing bird and cart filled with flowers design spring banner vector material (AI EPS)

This is a spring banner vector material designed with singing birds and a cart full of flowers. It is available in AI and EPS formats, including JPG preview.
banner picture
2024-02-29
Golden graduation cap vector material (EPS PNG)

Golden graduation cap vector material (EPS PNG)

This is a golden graduation cap vector material, available in EPS and PNG formats, including JPG preview.
PNG material
2024-02-27
Home Decor Cleaning and Repair Service Company Website Template

Home Decor Cleaning and Repair Service Company Website Template

Home Decoration Cleaning and Maintenance Service Company Website Template is a website template download suitable for promotional websites that provide home decoration, cleaning, maintenance and other service organizations. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-05-09
Fresh color personal resume guide page template

Fresh color personal resume guide page template

Fresh color matching personal job application resume guide page template is a personal job search resume work display guide page web template download suitable for fresh color matching style. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-29
Designer Creative Job Resume Web Template

Designer Creative Job Resume Web Template

Designer Creative Job Resume Web Template is a downloadable web template for personal job resume display suitable for various designer positions. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28
Modern engineering construction company website template

Modern engineering construction company website template

The modern engineering and construction company website template is a downloadable website template suitable for promotion of the engineering and construction service industry. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28