Page 39-Safety Programming Tutorials: Learn Safety Online-php.cn

Article Tags

All
web3.0
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Backend Development
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Web Front-end
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Database
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Operation and Maintenance
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Development Tools
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
PHP Framework
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Common Problem
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Other
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Tech
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
CMS Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Java
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
System Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Computer Tutorials
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Hardware Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Mobile Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Software Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric
Mobile Game Tutorial
- Mac OS
- Linux Operation and Maintenance
- Apache
- Nginx
- CentOS
- Docker
- LVS
- vagrant
- debian
- zabbix
- kubernetes
- ssh
- fabric

Home

Technical Articles

Operation and Maintenance

Safety

How to conduct Google Play malware analysis

Multiple malicious applications were recently discovered on Google Play (detected by TrendMicro as AndroidOS_BadBooster.HRX) that are capable of accessing remote malvertising configuration servers, conducting ad fraud, and downloading up to 3,000+ malware variants or malicious payloads. These malicious apps improve device performance by cleaning, organizing and deleting files and have been downloaded more than 470,000 times. The campaign has been active since 2017, and Google Play has removed the malicious apps from the store. According to the analysis, 3,000 malware variants or malicious payloads are downloaded to devices, disguised as device launchers or system icons that do not display in the program list.

May 15, 2023 pm 06:16 PM

google play

What does lookahead assertion mean in javascript

Note 1. The first assertion tells JavaScript to search forward in the string for a matching pattern. Might be useful if you want to search for multiple matching patterns on the same string. 2. There are two types of lookahead assertions: positive lookahead assertions and negative lookahead assertions. Example letquit="qu";letnoquit="qt";letquRegex=/q(?=u)/;letqRegex=/q(?!u)/;quit.match(quRegex);noquit.match(qRegex);

May 15, 2023 pm 05:49 PM

JavaScript

How to configure H3C HWTACACS

hwtacacsschemeacsprimaryauthentication10.222.250.13primaryauthorization10.222.250.13primaryaccounting10.222.250.13secondaryauthentication10.222.250.14secondaryauthorization10.222.250.14secondaryaccounting10.222.250.14keyauthenticationsimplenaskeyauth

May 15, 2023 pm 05:07 PM

h3c hwtacacs

What are the 4 common misunderstandings about windows antivirus software?

For computer novices, there are generally four misunderstandings about anti-virus software: 1) As long as you are not online, you will not be infected by viruses. Many people think that as long as you are not connected to the Internet, your computer will not be infected by viruses. There are indeed many viruses. It spreads through the Internet, but mobile storage is also a major source of spreading viruses, such as U disks, mobile hard drives, pirated CDs, etc. 2) As long as you have anti-virus software, you are not afraid of viruses. Anti-virus software cannot predict what viruses will appear in the future. Anti-virus software can only kill known viruses or some common virus characteristic behaviors. Therefore, don’t sit back and relax with anti-virus software, and anti-virus software must renewed on time. 3) If you set the file to read-only, you will not be afraid of viruses. If you set the file to read-only, you will not be able to modify or delete the file. This will help prevent accidental modification or deletion of the file.

May 15, 2023 pm 04:46 PM

Windows

How to use third-party software to elevate FlashFXP privileges

Privilege escalation environment: Windows 2003 Tools used: ASP environment, shell A privilege escalation idea: Using the FlashFXP replacement file vulnerability, you can read the site account password linked by the administrator. This is my first release in I Spring and Autumn. 1. Introduction to flashfxp FlashFXP is a powerful FXP/FTP software that integrates the advantages of other excellent FTP software, such as CuteFTP's directory comparison and supports color text display; such as BpFTP supports multiple directory selection files and temporary storage directories; and Such as the interface design of LeapFTP. 2. The specific process is as follows: I installed the FTP software in win03. There is nothing in it to create a new link. The linked account and password are all saved in qu

May 15, 2023 pm 04:16 PM

flashfxp

What is the role of NQA?

H3C's nqa is mainly used for primary and backup routing to ensure that the line is normal. 1. Networking requirements: Server can reach the opposite end line through two routers to ensure redundancy and automatic switching when disconnected. 2. The actual configuration of nqanqa is mainly divided into three steps: 1. Configure nqa detection. 2. Configure the association between track and nqa. 3. The specific configuration commands for the written static routing associated track are as follows: 1. You need to write nqa related commands on the main router. For example: nqaentryadminpiaojiaosuo to create an nqa event group (the name of the line marked to the ticket exchange can be set as required) typeicmp- echo determines the detection method destinationip49.10

May 15, 2023 pm 03:58 PM

nqa

Struts2 vulnerability S2-001 example analysis

Vulhub vulnerability series: struts2 vulnerability S2-0011. Vulnerability description: struts2 vulnerability S2-001 is when the user submits form data and verification fails, the server uses OGNL expression to parse the parameter value previously submitted by the user, %{value} and refills the corresponding form data. For example, in a registration or login page. If the submission fails, the server will usually default to returning the previously submitted data. Since the server uses %{value} to perform OGNL expression parsing on the submitted data, the server can directly send the payload to execute the command. 2. Vulhub vulnerability exploitation: Using vulhub to reproduce vulnerabilities can save the environment construction process, which is very convenient. vu

May 15, 2023 pm 03:58 PM

struts2

How to implement text gradient using css

Text Gradient The text gradient effect is very popular and can be easily achieved using CSS3: h3[data-text]{position:relative;}h3[data-text]::after{content:attr(data-text);z-index :10;color:#e3e3e3;position:absolute;top:0;left:0;-webkit-mask-image:-webkit-gradient(linear,lefttop,leftbottom,from(rgba(0,0,0,0) ),color

May 15, 2023 pm 02:52 PM

CSS

How to analyze the application of automated web penetration testing framework

About VajarVajra is an automated web penetration testing framework that helps a wide range of security researchers to automate boring reconnaissance tasks and the same scans against multiple targets during web application penetration testing. Vajra is highly customizable, allowing researchers to customize the scanning scope. We do not need to perform all scans on the target. We can choose the scanning tasks to be performed according to our own needs, which can minimize unnecessary communication traffic and Output the scan results to CouchDB. Vajra uses the most common open source tools, which are tools that many security researchers use when conducting security testing. Vajra will be done through a web browser

May 15, 2023 pm 01:46 PM

web

What are common web security vulnerabilities and testing methods?

1. Six basic principles of security testing: Authentication: Return of requests to authenticated users Access control: Permission control and data protection for unauthenticated users Integrity: Users must accurately receive information sent by the server Confidentiality: Information must Accurate delivery to intended users Reliability: How often does it fail? How long does it take for the network to recover from a failure? What steps are taken to deal with catastrophic failure? (Personally, I understand that this place should be more inclined to the category of fault-tolerance and disaster-tolerance testing) Non-repudiation: users should be able to prove that the data received comes from a specific server 2. Common security test content permission control SQL injection URL security test XSS (cross-site scripting) Attacks) CSRF (cross-site request forgery) URL redirect vulnerability and other security considerations

May 15, 2023 pm 01:28 PM

web

Example analysis of remote code execution caused by uploading any jar package in apache flink

Vulnerability description: On November 11, 2019, security engineer Henry Chen disclosed a vulnerability that allows Apache Flink to upload jar packages without authorization, leading to remote code execution. Since Apache Flink Dashboard can be accessed without authentication by default, a shell can be obtained by uploading a malicious jar package and triggering the execution of malicious code. Scope of influence Export (export) b. Then select java-->RunnableJARfilec. Then select the corresponding java project, export path and export file name image. This will generate a rebound shell jar package msf to generate jar horse: (1) Use msfvenom afterlife

May 15, 2023 pm 01:01 PM

flink jar包

How to use Smarty SSTi

Title description: The title provides an API for reading XFF headers. There is the word BuildWithSmarty at the bottom of the page. It can be determined that it is written with the Smarty engine. Basically, it can be determined that the page has the possibility of SSTi. Change the xff header from 127.0.0.1 to The following result appears on 127.0.0{1+2} ssti. There is no doubt that the final payload is of

May 15, 2023 am 11:37 AM

smarty SSTI

Analysis of examples of contaminated memory allocation functions in C language

1. Polluted memory allocation. The memory allocation functions of C language include malloc(), kmalloc, smalloc(), xmalloc(), realloc(), calloc(), GlobalAlloc(), HeapAlloc(), etc., with malloc() For example, the prototype of the malloc() function is: externvoid*malloc(unsignedintnum_bytes); the malloc() function allocates num_bytes bytes of memory and returns a pointer to this memory. When the integer of the memory allocation length comes from an untrusted source that may be contaminated, if there is no knowledge of the external input

May 15, 2023 am 11:13 AM

C语言

How to perform AppLocker bypass analysis

Preface What is applocker? AppLocker, the "Application Control Policy", is a newly added security feature in the Windows 7 system. This function is integrated by default in systems above win7. We can enable ApplicationIdentity in services, and then find the Applocker option in ApplicationControlPolicies in localsecuritypolicy. applocker rules The default Applocker rules support the following types: Rule **|Associated file format---|---Executable file|.exe, .com file

May 15, 2023 am 10:55 AM

AppLocker