Mr.Be1ieVe's Treasure

路虽远行则将至,事虽难做则必成

From Zero To Keep Learning

本文作为备份,给19,20的学弟学妹们学习。 多读书,多看推送,多学习 Week 1 原文-精简版 我的学习过程 graph TD; First[用Typora写md笔记];

Posted by Mr.Be1ieVe on Tuesday, June 29, 2021

WebGoat代码审计其3-路径穿越

Path traversal 2 请求 URL: http://localhost:8080/WebGoat/PathTraversal/profile-upload 请求方法: POST 全局搜索后找到 跳入 ProfileUploadBase类,看里面的execute函数 先检查file和fullName

Posted by Mr.Be1ieVe on Thursday, June 17, 2021

WebGoat代码审计其2-sql注入

Intro 2 select 点击submit后, 查看数据包,发往/SqlInjection/attack2, 表单数据为query: select * from Employees where first_name='Bob'; 别的查询都不会返回数

Posted by Mr.Be1ieVe on Monday, May 31, 2021

WebGoat代码审计其1-登录注册

IDEA配置 下载idea之后, webgoat要求 * Java 15 * Maven > 3.2.1 * Your favorite IDE * Git, or Git support in your IDE 但是调试的话, 只安装java即可 安装好后先配置Proj

Posted by Mr.Be1ieVe on Tuesday, May 25, 2021

OpenCanary使用及理解

协议支持列表 22 ssh : a Secure Shell server which alerts on login attempts 21 ftp - a File Transfer Protocol server which on login attempts git - a Git protocol which alerts on repo cloning 80 http - an HTTP web server that alerts on login attempts httpproxy - an HTTP web proxy that alerts when there is an attempt to proxy to another page

Posted by Mr.Be1ieVe on Monday, May 10, 2021

avatar

安全运营,兼任应用安全、基础安全。

FEATURED TAGS
awd buu ctf hackthebox linux使用 xray 专业学习 基础知识 学习笔记