- Using syntax differences between PHP serialization and deserialization to bypass protection
- Website security tutorial: This article introduces the syntax differences between PHP serialization and deserialization. I hope it can be a reference for everyone. Simply put, serialization is the process of converting objects into strings, while deserialization is the process of restoring strings to objects.
- Safety 2128 2020-01-02 16:53:08
-
- Exploiting CSRF token verification mechanism vulnerability to authenticate victim accounts
- Server Security Tutorial: This article shares a Facebook CSRF vulnerability. There is a CSRF token verification mechanism vulnerability when using a Gmail or G-Suite account to verify a newly created Facebook account. An attacker can use this vulnerability to verify a newly created Facebook account, with minimal user interaction
- Safety 3159 2019-12-28 18:02:07
-
- Using Reflected XSS Vulnerability to Hijack Facebook Accounts
- Below, the website security tutorial column will introduce how to use the reflected XSS vulnerability to hijack Facebook accounts. I hope it can be a reference for everyone. The reflected XSS vulnerability is only effective in IE and Edge browsers because some API endpoints do not implement complete and safe escaping measures when processing HTML code responses.
- Safety 2993 2019-12-28 17:59:36
-
- JavaScript prototype chain pollution attack
- This article is recommended by the web server security column. This article tests the JavaScript prototype chain attack and defense through three cases. I hope it can help you. Prototype chain pollution comes from a vulnerability fixed in jQuery, but if this vulnerability is generalized, both the front and back ends will be affected.
- Safety 3330 2019-12-27 17:41:58
-
- Use lexical analysis to extract domain names and IPs
- This article is recommended by the web server security column. It introduces how to extract domain names and IPs through lexical analysis. I hope it can be a reference for everyone. The URL structure in the IP form is the simplest: 4 numbers less than 255 are separated by [.]; the domain form is more complex, but they all have top-level domain names [.com].
- Safety 3392 2019-12-25 13:08:10
-
- Powerful IP rotation and brute force guessing technology
- This article is shared by the web server security column. It introduces how unconfirmed Facebook accounts can be disabled by using IP rotation and brute-force guessing. I hope it can provide some reference for readers who need it. The IP rotation method can bypass protection and create an indirect disabling attack on any newly created unconfirmed Facebook user.
- Safety 2318 2019-12-21 11:49:47
-
- Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system
- This article is recommended by the web server security column. It records an experiment to bypass the 2FA verification mechanism of the target system through brute force enumeration. I hope it can help everyone. By applying a simple brute force enumeration method to the target system's one-time password (OTP), its two-factor authentication (2FA) mechanism can be bypassed or cracked.
- Safety 3723 2019-12-18 11:58:46
-
- AWS S3 bucket misconfiguration - millions of pieces of personal information exposed
- This article is introduced by the web server security column: a misconfigured AWS S3 bucket exposed millions of pieces of personal information (PII). I hope it can help you. This article also describes how administrator accounts with login access led to the leakage of business partner company details.
- Safety 3245 2019-12-16 17:56:34
-
- In-depth analysis of JavaScript-based DDoS attacks
- This article comes from the web server security column. It analyzes JavaScript-based DDoS attacks for everyone. I hope it can help everyone. In traditional DDoS attacks, attackers control a large number of compromised machines and then send a large number of requests to the target server to prevent legitimate users from accessing the website.
- Safety 2535 2019-12-10 17:34:56
-
- Detailed explanation of some problems encountered in developing passive scanner plug-ins
- This article, from the web server security tutorial column, introduces solutions to some problems encountered during the development of passive scanner plug-ins. I hope it can help you. Passive scanners mainly conduct testing by collecting normal business traffic, improving the efficiency of testing and achieving better results than active scanners.
- Safety 2017 2019-12-09 13:38:17
-
- Obtain target user's local private key information through stored XSS vulnerability
- This article comes from the web server security tutorial column. It demonstrates how to obtain the local private key information of the target user through a stored XSS vulnerability. I hope it can be helpful to everyone. Stored XSS means that the attacker uploads or stores malicious code to the vulnerable server in advance, and the malicious code will be executed as long as the victim browses the page containing this malicious code.
- Safety 2693 2019-12-04 17:40:28
-
- Practical attack and defense of one-time stored XSS
- This article comes from the web server security column and provides a practical demonstration of the attack and defense of stored XSS. Interested students can try it themselves. Stored XSS achieves its purpose by injecting executable code into a web page and having the browser execute it, usually by injecting a JavaScript script.
- Safety 3692 2019-12-03 17:42:52
-
- Summary of common unauthorized access vulnerabilities
- This article, from the web security tutorial column, introduces common unauthorized access vulnerabilities. I hope it can help everyone. Common unauthorized access vulnerabilities include: 1. "MongoDB" unauthorized access vulnerability; 2. "Redis" unauthorized access vulnerability; 3. "JBOSS" unauthorized access vulnerability.
- Safety 4938 2019-12-02 17:40:44
-
- Analysis of the principle of remote code execution vulnerability caused by Java deserialization
- This article is recommended by the web security tutorial column and I hope it can help everyone. In order to realize remote transmission and remote code execution of Java code, we can use RMI, RPC, etc. This article uses Socket for server-side and client-side processing.
- Safety 2729 2019-11-30 17:50:38
-
- XSS attack principles and protection
- XSS (Cross Site Scripting), also known as CSS, is a common method in Web attacks. Through this attack, the user terminal can be controlled to perform a series of malicious operations, such as stealing, tampering with, and adding user data, or redirecting users to phishing websites.
- Safety 3912 2019-11-30 14:27:07