  • Using syntax differences between PHP serialization and deserialization to bypass protection
    Website security tutorial: This article introduces the syntax differences between PHP serialization and deserialization. I hope it can be a reference for everyone. Simply put, serialization is the process of converting objects into strings, while deserialization is the process of restoring strings to objects.
    Safety 2150 2020-01-02 16:53:08
  • Exploiting CSRF token verification mechanism vulnerability to authenticate victim accounts
    Server Security Tutorial: This article shares a Facebook CSRF vulnerability. There is a CSRF token verification mechanism vulnerability when using a Gmail or G-Suite account to verify a newly created Facebook account. An attacker can use this vulnerability to verify a newly created Facebook account with minimal user interaction.
    Safety 3173 2019-12-28 18:02:07
  • Using Reflected XSS Vulnerability to Hijack Facebook Accounts
    Below, the website security tutorial column will introduce how to use the reflected XSS vulnerability to hijack Facebook accounts. I hope it can be a reference for everyone. The reflected XSS vulnerability is only effective in IE and Edge browsers because some API endpoints do not implement complete and safe escaping measures when processing HTML code responses.
    Safety 3014 2019-12-28 17:59:36
  • JavaScript prototype chain pollution attack
    This article is recommended by the web server security column. This article tests the JavaScript prototype chain attack and defense through three cases. I hope it can help you. Prototype chain pollution comes from a vulnerability fixed in jQuery, but if this vulnerability is generalized, both the front and back ends will be affected.
    Safety 3355 2019-12-27 17:41:58
  • Use lexical analysis to extract domain names and IPs
    This article is recommended by the web server security column. It introduces how to extract domain names and IPs through lexical analysis. I hope it can be a reference for everyone. The URL structure in the IP form is the simplest: 4 numbers less than 255 are separated by [.]; the domain form is more complex, but they all have top-level domain names [.com].
    Safety 3406 2019-12-25 13:08:10
  • Powerful IP rotation and brute force guessing technology
    This article is shared by the web server security column. It introduces how to disable unconfirmed Facebook accounts by using IP rotation and brute-force guessing methods. I hope it can provide some reference for students in need. The IP rotation method can bypass protection and create an indirect disabling attack on any newly created unconfirmed Facebook user.
    Safety 2332 2019-12-21 11:49:47
  • Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system
    This article is recommended by the web server security column. It records an experiment to bypass the 2FA verification mechanism of the target system through brute force enumeration. I hope it can help everyone. For the dynamic password OTP of the target system, by using a simple brute force enumeration method, the target system's two-factor authentication mechanism 2FA can be bypassed or cracked.
    Safety 3735 2019-12-18 11:58:46
  • AWS S3 bucket misconfiguration - millions of personal information exposed
    This article is introduced by the web server security column: the misconfiguration of AWS S3 buckets causes millions of personal information (PII) to be obtained. I hope it can help you. This article also describes the issue of administrator accounts with login access leading to the leakage of business partner company details.
    Safety 3260 2019-12-16 17:56:34
  • In-depth analysis of JavaScript-based DDoS attacks
    This article comes from the web server security column. It analyzes JavaScript-based DDoS attacks for everyone. I hope it can help everyone. In traditional DDoS attacks, attackers control a large number of puppet machines and then send a large number of requests to the target server to prevent legitimate users from accessing the website.
    Safety 2550 2019-12-10 17:34:56
  • Detailed explanation of some problems encountered in developing passive scanner plug-ins
    This article, from the web server security tutorial column, introduces solutions to some problems encountered during the development of passive scanner plug-ins. I hope it can help you. Passive scanners mainly conduct testing by collecting normal business traffic, improving the efficiency of testing and achieving better results than active scanners.
    Safety 2037 2019-12-09 13:38:17
  • Obtain target user's local private key information through stored XSS vulnerability
    This article comes from the web server security tutorial column. It demonstrates how to obtain the local private key information of the target user through a stored XSS vulnerability. I hope it can be helpful to everyone. Stored XSS means that the attacker uploads or stores malicious code to the vulnerable server in advance, and the malicious code will be executed as long as the victim browses the page containing this malicious code.
    Safety 2716 2019-12-04 17:40:28
  • Practical attack and defense of one-time stored XSS
    This article comes from the web server security column and provides a practical demonstration of the attack and defense of stored XSS. Interested students can try it themselves. Stored XSS achieves the purpose of attack by injecting executable code into a web page and successfully executing it by the browser, usually by injecting a JavaScript script.
    Safety 3708 2019-12-03 17:42:52
  • Summary of common unauthorized access vulnerabilities
    This article introduces common unauthorized access vulnerabilities from the web security tutorial column. I hope it can help everyone. Common unauthorized access vulnerabilities include: 1. "MongoDB" unauthorized access vulnerability; 2. "Redis" unauthorized access vulnerability; 3. "JBOSS" unauthorized access vulnerability.
    Safety 4954 2019-12-02 17:40:44
  • Analysis of the principle of remote code execution vulnerability caused by java deserialization
    This article is recommended by the web security tutorial column and I hope it can help everyone. In order to realize remote transmission and remote code execution of Java code, we can use RMI, RPC, etc. This article uses Socket for server-side and client-side processing.
    Safety 2750 2019-11-30 17:50:38
  • XSS attack principles and protection
    XSS (Cross Site Scripting), also known as CSS, is a common method in Web attacks. Through this attack, the user terminal can be controlled to perform a series of malicious operations, such as stealing, tampering with, and adding user data, or leading users to phishing websites.
    Safety 3926 2019-11-30 14:27:07
