- How to analyze SQLMap and SQLi injection defense
- Part One: Using sqlmap. 1.1 Introduction to sqlmap. 1. I mentioned some basic statements of SQL injection, but manual injection is very troublesome. We can use sqlmap, a powerful SQL injection tool, to obtain data. 2. Introduction to sqlmap. (1) sqlmap is an open source penetration testing tool that can automatically detect and exploit SQL injection vulnerabilities and servers connected to the database. It has a very powerful detection engine, many features for penetration testers, and can access the underlying file system through database fingerprinting and execute commands over an out-of-band connection. Official website: sqlmap.org (2) Supported databases: MySQL, Oracle, PostgreS
- Safety 1113 2023-05-11 18:37:06
-
- What are the knowledge points for web security testing?
- What is security testing? Security testing is about providing evidence that the application can still adequately meet its requirements in the face of hostile and malicious input. a. How to provide evidence? We use a set of failed security test case execution results to prove that the web application does not meet security requirements. b. How do you view the need for security testing? Security testing is more dependent on requirements than functional testing because it has more possible inputs and outputs to sift through. True software security actually refers to risk management, that is, we can ensure that the security level of the software meets business needs. How to conduct security testing? Adding security test cases based on common attacks and vulnerabilities combined with actual practice is how to turn security testing into a simple and common part of daily functional testing.
- Safety 1397 2023-05-11 18:34:06
-
- How to easily bypass human-machine authentication Captcha
- The writeup shared today is a simple human-machine authentication (Captcha) bypass method discovered by the author during vulnerability testing of the target website. The Captcha bypass was achieved by simply editing elements on the login page of the target website using Chrome developer tools. Human-machine authentication (Captcha) usually appears on the registration, login and password reset pages of a website. The following is the Captcha mechanism arranged by the target website in the login page. As you can see from the picture above, only after the user checks "I'm not a robot" in the Captcha verification mechanism will the login button (Sign-IN) be enabled and displayed for the user to click. So based on this, I right clicked on Si
- Safety 5795 2023-05-11 17:55:12
-
- What is the implementation path for the evolution from IPv4 to IPv6?
- Technical Model for Transformation from IPv4 to IPv6 The industry provides three solutions for the transformation from IPv4 to IPv6, namely dual-stack technology mode, tunnel technology mode, and address translation mode. 1. Dual-stack technology model: Run two independent planes on the same network: an IPv4 network plane and an IPv6 network plane, each maintaining its own IGP/EGP status and routing. In this mode, IPv4 and IPv6 coexist, which does not affect existing IPv4 services and can also meet the new needs of IPv6. However, the implementation cost in this mode is relatively high. Firstly, it requires the support of network equipment of the entire network. Secondly, it is difficult to adjust IGP/EGP of the entire network equipment. If it is only implemented in a small area, this is a better choice. mold
- Safety 1720 2023-05-11 17:52:13
-
- How to analyze the source code leak vulnerability of Facebook Ads advertising business API interface
- More than a month after discovering the vulnerability, I discovered a vulnerability in the API of the Facebook Ads advertising business system. The vulnerable API is an image processing interface, which is used for Facebook merchant accounts to upload advertising images. The uploaded images will be stored in a directory called "/adimages" and encoded in base64 format. Therefore, my test idea is that in the mechanism here, a malicious payload can be injected into the uploaded image, which will be converted into Base64 format by the API and then passed to the server by Facebook. The following is the POST request to upload images: POST /v2.10/act_123456789/adimages HTT
- Safety 1493 2023-05-11 17:40:13
-
- Example analysis of XML external entity injection vulnerability
- 1. XML external entity injection XML external entity injection vulnerability is what we often call XXE vulnerability. XML is a widely used data transmission format, and many applications contain code for processing XML data. By default, many outdated or improperly configured XML processors will reference external entities. If an attacker can upload an XML document or add malicious content to the XML document, through vulnerable code, dependencies, or integrations, he or she can attack a flawed XML processor. The occurrence of XXE vulnerabilities has nothing to do with the development language. As long as the xml data is parsed in the application and the data is controlled by the user, the application may be vulnerable to XXE attacks. This article uses java
- Safety 2264 2023-05-11 16:55:12
-
- Remote code execution vulnerability case analysis
- 0x01 Get to know mongo-express. mongo-express is a MongoDB admin web management interface, written using NodeJS, Express, and Bootstrap3. Currently, mongo-express should be the MongoDB admin management interface with the most stars on GitHub. Easy to deploy and simple to use, it has become the choice of many people to manage mongo. 0x02 Set up the debugging environment. 0x1 Start the docker service. After reading the official GitHub security bulletin, we found that the vulnerability affects all versions below 0.54.0. We chose to use 0.49 as an example for testing. Due to this vulnerability environment, M
- Safety 1604 2023-05-11 16:46:06
-
- Gogs arbitrary user login vulnerability instance analysis
- 1. Vulnerability background: Gogs is an open source file/code management system (based on Git) similar to GitHub. The goal of Gogs is to create the simplest, fastest and easiest way to build self-service Git services. Developed using the Go language, Gogs can be distributed through independent binaries and supports all platforms supported by the Go language, including Linux, Mac OS X, Windows and ARM platforms. 2. Vulnerability description: Gogs is a self-service Git service platform that is easy to build. It has the characteristics of easy installation, cross-platform, and lightweight, and has many users. In its 0.11.66 and previous versions, (go-macaron/session library) does not perform sessionid
- Safety 2436 2023-05-11 16:43:06
-
- What does rebound shell mean?
- *Stern statement: This article is limited to technical discussion and sharing, and is strictly prohibited from being used in illegal ways. 0x00 Preface Rebound shell means that the control terminal monitors a certain TCP/UDP port, the controlled terminal initiates a request to the port, and transfers the input and output of its command line to the control terminal. In layman's terms, rebound shell is a kind of reverse link, which is different from forward ssh. It is an attack mode in which the other party's computer executes a command to connect to our side, and this attack mode must be used with a remote command execution vulnerability. Why rebound shell? It is usually used when the controlled end is restricted by firewall, lacks permissions, and the port is occupied. Suppose we attack a machine and open a port on the machine. The attacker connects to the target machine on his own machine. This
- Safety 6859 2023-05-11 16:25:20
-
- Real experience sharing: Information security engineer of 'Du Xiaoman'
- This article will share with you what questions I was asked when I was interviewing for Information Security Engineer (Financial Security Department) at Du Xiaoman. I went through one, two, and three interviews in total. Let's take a look at it together. I hope it will help friends in need~
- Safety 2029 2023-01-12 14:30:38
-
- Let's see how to learn network protocols through the QUIC protocol
- This article will take you to understand the QUIC protocol, and use the QUIC protocol as an example to talk about how to learn network protocols. I hope it will be helpful to everyone!
- Safety 3373 2022-03-01 10:09:02
-
- session consistency design
- What is session consistency? Web-server can automatically create sessions for users accessing the same browser and provide storage functions. Generally, user login information is stored in the session. What is the session consistency problem? When there is only one web-server in the backend, the correct session can be found for every http request. The problem is that it cannot meet high availability. If one server hangs up, it will be over. Redundancy + failover, deploy multiple web-servers, nginx path...
- Safety 248 2021-06-26 15:54:56
-
- Introducing several commonly used web security authentication methods
- This article introduces five commonly used web security authentication methods, which has certain reference value. I hope it can be helpful to everyone.
- Safety 7092 2021-03-15 10:40:55
-
- How to keep the web safe
- In the early days of the development of the Internet, it was still the era of the IE browser. At that time, the purpose of everyone surfing the Internet was to share information and obtain news through the browser. With the rapid development of the Internet, web pages can do more and more things. You can not only read news and play games, but also shop and chat. These functions have greatly enriched our lives.
- Safety 4264 2021-03-09 09:51:38
-
- Share solutions to several common web security risks
- Web server security: This article shares solutions to several common web security risks. It has certain reference value and I hope it can be helpful to everyone.
- Safety 4321 2021-03-01 10:44:49