current location:Home > Technical Articles > Operation and Maintenance > Safety

  • Using syntax differences between PHP serialization and deserialization to bypass protection
    Using syntax differences between PHP serialization and deserialization to bypass protection
    Website security tutorial: This article introduces the syntax differences between PHP serialization and deserialization. I hope it can be a reference for everyone. Simply put, serialization is the process of converting objects into strings, while deserialization is the process of restoring strings to objects.
    Safety 2207 2020-01-02 16:53:08
  • Exploiting CSRF token verification mechanism vulnerability to authenticate victim accounts
    Exploiting CSRF token verification mechanism vulnerability to authenticate victim accounts
    Server Security Tutorial: This article shares a Facebook CSRF vulnerability. There is a CSRF token verification mechanism vulnerability when using a Gmail or G-Suite account to verify a newly created Facebook account. An attacker can use this vulnerability to verify a newly created Facebook account. , used with minimal user interaction
    Safety 3213 2019-12-28 18:02:07
  • Using Reflected XSS Vulnerability to Hijack Facebook Accounts
    Using Reflected XSS Vulnerability to Hijack Facebook Accounts
    Below, the website security tutorial column will introduce how to use the reflected XSS vulnerability to hijack Facebook accounts. I hope it can be a reference for everyone. The reflected XSS vulnerability is only effective in IE and Edge browsers because some API endpoints do not implement complete and safe escaping measures when processing HTML code responses.
    Safety 3058 2019-12-28 17:59:36
  • JavaScript prototype chain pollution attack
    JavaScript prototype chain pollution attack
    This article is recommended by the web server security column. This article tests the JavaScript prototype chain attack and defense through three cases. I hope it can help you. Prototype chain pollution comes from a vulnerability fixed in jQuery, but if this vulnerability is generalized, both the front and back ends will be affected.
    Safety 3411 2019-12-27 17:41:58
  • Use lexical analysis to extract domain names and IPs
    Use lexical analysis to extract domain names and IPs
    This article is recommended by the web server security column. It introduces how to extract domain names and IPs through lexical analysis. I hope it can be a reference for everyone. The URL structure in the IP form is the simplest: 4 numbers less than 255 are separated by [.]; the domain form is more complex, but they all have top-level domain names [.com].
    Safety 3453 2019-12-25 13:08:10
  • Powerful IP rotation and brute force guessing technology
    Powerful IP rotation and brute force guessing technology
    This article is shared by the web server security column. It introduces how to disable unconfirmed Facebook accounts by using IP rotation and violent guessing methods. I hope it can provide some reference for students in need. The IP rotation method can bypass protection and create an indirect disabling attack on any newly created unconfirmed Facebook user.
    Safety 2376 2019-12-21 11:49:47
  • Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system
    Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system
    This article is recommended by the web server security column. It records an experiment to bypass the 2FA verification mechanism of the target system through brute force enumeration. I hope it can help everyone. For the dynamic password OTP of the target system, by using a simple brute force enumeration method, the target system's two-factor authentication mechanism 2FA can be bypassed or cracked.
    Safety 3771 2019-12-18 11:58:46
  • AWS S3 bucket misconfiguration - millions of personal information exposed
    AWS S3 bucket misconfiguration - millions of personal information exposed
    This article is introduced by the web server security column: the misconfiguration of AWS S3 buckets causes millions of personal information (PII) to be obtained. I hope it can help you. This article also describes the issue of administrator accounts with login access leading to the leakage of business partner company details.
    Safety 3316 2019-12-16 17:56:34
  • In-depth analysis of JavaScript-based DDOS attacks
    In-depth analysis of JavaScript-based DDOS attacks
    This article comes from the web server security column. It analyzes JavaScript-based DDOS attacks for everyone. I hope it can help everyone. In traditional DDoS attacks, attackers control a large number of puppet machines and then send a large number of requests to the target server to prevent legitimate users from accessing the website.
    Safety 2610 2019-12-10 17:34:56
  • Detailed explanation of some problems encountered in developing passive scanner plug-ins
    Detailed explanation of some problems encountered in developing passive scanner plug-ins
    This article uses the web server security tutorial column to introduce solutions to some problems encountered during the development of passive scanner plug-ins. I hope it can help you. Passive scanners mainly conduct testing by collecting normal business traffic, improving the efficiency of testing and achieving better results than active scanners.
    Safety 2090 2019-12-09 13:38:17
  • Obtain target user's local private key information through stored XSS vulnerability
    Obtain target user's local private key information through stored XSS vulnerability
    This article comes from the web server security tutorial column. It demonstrates how to obtain the local private key information of the target user through a stored XSS vulnerability. I hope it can be helpful to everyone. Stored XSS means that the attacker uploads or stores malicious code to the vulnerable server in advance, and the malicious code will be executed as long as the victim browses the page containing this malicious code.
    Safety 2790 2019-12-04 17:40:28
  • Practical attack and defense of one-time stored XSS
    Practical attack and defense of one-time stored XSS
    This article comes from the web server security column and provides a practical demonstration of the attack and defense of stored XSS. Interested students can try it themselves. Stored XSS achieves the purpose of attack by injecting executable code into a web page and successfully executing it by the browser, usually by injecting a JavaScript script.
    Safety 3763 2019-12-03 17:42:52
  • Summary of common unauthorized access vulnerabilities
    Summary of common unauthorized access vulnerabilities
    This article introduces common unauthorized access vulnerabilities from the web security tutorial column. I hope it can help everyone. Common unauthorized access vulnerabilities include: 1. "MongoDB" unauthorized access vulnerability; 2. "Redis" unauthorized access vulnerability; 3. "JBOSS" unauthorized access vulnerability.
    Safety 5024 2019-12-02 17:40:44
  • Analysis of the principle of remote code execution vulnerability caused by java deserialization
    Analysis of the principle of remote code execution vulnerability caused by java deserialization
    This article is recommended by the web security tutorial column and I hope it can help everyone. In order to realize remote transmission and remote code execution of Java code, we can use RMI, RPC, etc. This article uses Socket for server-side and client-side processing.
    Safety 2817 2019-11-30 17:50:38
  • XSS attack principles and protection
    XSS attack principles and protection
    XSS (Cross Site Scripting), also known as CSS, is a common method in Web attacks. Through this attack, the user terminal can be controlled to perform a series of malicious operations, such as stealing, tampering, and adding user data. Or lead to phishing websites, etc.
    Safety 3981 2019-11-30 14:27:07

Tool Recommendations

jQuery enterprise message form contact code

jQuery enterprise message form contact code is a simple and practical enterprise message form and contact us introduction page code.
form button
2024-02-29

HTML5 MP3 music box playback effects

HTML5 MP3 music box playback special effect is an mp3 music player based on HTML5 css3 to create cute music box emoticons and click the switch button.

HTML5 cool particle animation navigation menu special effects

HTML5 cool particle animation navigation menu special effect is a special effect that changes color when the navigation menu is hovered by the mouse.
Menu navigation
2024-02-29

jQuery visual form drag and drop editing code

jQuery visual form drag and drop editing code is a visual form based on jQuery and bootstrap framework.
form button
2024-02-29

Organic fruit and vegetable supplier web template Bootstrap5

An organic fruit and vegetable supplier web template-Bootstrap5
Bootstrap template
2023-02-03

Bootstrap3 multifunctional data information background management responsive web page template-Novus

Bootstrap3 multifunctional data information background management responsive web page template-Novus
backend template
2023-02-02

Real estate resource service platform web page template Bootstrap5

Real estate resource service platform web page template Bootstrap5
Bootstrap template
2023-02-02

Simple resume information web template Bootstrap4

Simple resume information web template Bootstrap4
Bootstrap template
2023-02-02

Cute summer elements vector material (EPS PNG)

This is a cute summer element vector material, including the sun, sun hat, coconut tree, bikini, airplane, watermelon, ice cream, ice cream, cold drink, swimming ring, flip-flops, pineapple, conch, shell, starfish, crab, Lemons, sunscreen, sunglasses, etc., the materials are provided in EPS and PNG formats, including JPG previews.
PNG material
2024-05-09

Four red 2023 graduation badges vector material (AI EPS PNG)

This is a red 2023 graduation badge vector material, four in total, available in AI, EPS and PNG formats, including JPG preview.
PNG material
2024-02-29

Singing bird and cart filled with flowers design spring banner vector material (AI EPS)

This is a spring banner vector material designed with singing birds and a cart full of flowers. It is available in AI and EPS formats, including JPG preview.
banner picture
2024-02-29

Golden graduation cap vector material (EPS PNG)

This is a golden graduation cap vector material, available in EPS and PNG formats, including JPG preview.
PNG material
2024-02-27

Home Decor Cleaning and Repair Service Company Website Template

Home Decoration Cleaning and Maintenance Service Company Website Template is a website template download suitable for promotional websites that provide home decoration, cleaning, maintenance and other service organizations. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-05-09

Fresh color personal resume guide page template

Fresh color matching personal job application resume guide page template is a personal job search resume work display guide page web template download suitable for fresh color matching style. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-29

Designer Creative Job Resume Web Template

Designer Creative Job Resume Web Template is a downloadable web template for personal job resume display suitable for various designer positions. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28

Modern engineering construction company website template

The modern engineering and construction company website template is a downloadable website template suitable for promotion of the engineering and construction service industry. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28