Article Tags
Using syntax differences between PHP serialization and deserialization to bypass protection


Website security tutorial: This article introduces the syntax differences between PHP serialization and deserialization. I hope it can be a reference for everyone. Simply put, serialization is the process of converting objects into strings, while deserialization is the process of restoring strings to objects.

Jan 02, 2020, 04:53 PM
php, serialization, deserialization, syntax differences, protection
Exploiting CSRF token verification mechanism vulnerability to authenticate victim accounts


Server Security Tutorial: This article shares a Facebook CSRF vulnerability. There is a flaw in the CSRF token verification mechanism used when a Gmail or G-Suite account verifies a newly created Facebook account. An attacker can use this vulnerability to verify a newly created Facebook account, with minimal user interaction

Dec 28, 2019, 05:57 PM
CSRF, token verification mechanism, vulnerability, verification, victim, account
Using Reflected XSS Vulnerability to Hijack Facebook Accounts


Below, the website security tutorial column will introduce how to use the reflected XSS vulnerability to hijack Facebook accounts. I hope it can be a reference for everyone. The reflected XSS vulnerability is only effective in IE and Edge browsers because some API endpoints do not implement complete and safe escaping measures when processing HTML code responses.

Dec 28, 2019, 05:20 PM
reflected, XSS vulnerability, hijacking, Facebook account
JavaScript prototype chain pollution attack


This article is recommended by the web server security column. This article tests the JavaScript prototype chain attack and defense through three cases. I hope it can help you. Prototype chain pollution comes from a vulnerability fixed in jQuery, but if this vulnerability is generalized, both the front and back ends will be affected.

Dec 27, 2019, 05:41 PM
javascript, prototype chain, pollution, attack
Use lexical analysis to extract domain names and IPs


This article is recommended by the web server security column. It introduces how to extract domain names and IPs through lexical analysis. I hope it can be a reference for everyone. The URL structure in the IP form is the simplest: 4 numbers less than 255 are separated by [.]; the domain form is more complex, but they all have top-level domain names [.com].

Dec 25, 2019, 01:08 PM
lexical analysis, extraction, domain name, IP
Powerful IP rotation and brute force guessing technology


This article is shared by the web server security column. It introduces how unconfirmed Facebook accounts can be disabled using IP rotation and brute-force guessing. I hope it can provide some reference for students in need. The IP rotation method can bypass protection and create an indirect disabling attack on any newly created unconfirmed Facebook user.

Dec 21, 2019, 11:49 AM
IP rotation, brute-force guessing
Experiment on simple brute force enumeration method to bypass the 2FA verification mechanism of the target system


This article is recommended by the web server security column. It records an experiment to bypass the 2FA verification mechanism of the target system through brute force enumeration. I hope it can help everyone. By applying a simple brute force enumeration method to the target system's dynamic one-time password (OTP), its two-factor authentication (2FA) mechanism can be bypassed or cracked.

Dec 18, 2019, 11:58 AM
brute force, enumeration, target system, 2FA, verification mechanism, experiment
AWS S3 bucket misconfiguration - millions of personal information exposed


This article is from the web server security column: a misconfiguration of AWS S3 buckets allows millions of pieces of personal information (PII) to be obtained. I hope it can help you. This article also describes how administrator accounts with login access led to the leakage of business partner company details.

Dec 16, 2019, 05:56 PM
AWS, storage bucket, error, configuration, personal information, leak
In-depth analysis of JavaScript-based DDOS attacks


This article comes from the web server security column. It analyzes JavaScript-based DDOS attacks for everyone. I hope it can help everyone. In traditional DDoS attacks, attackers control a large number of puppet machines and then send a large number of requests to the target server to prevent legitimate users from accessing the website.

Dec 10, 2019, 05:34 PM
analysis, based on, JavaScript, DDOS, attack
Detailed explanation of some problems encountered in developing passive scanner plug-ins


This article, from the web server security tutorial column, introduces solutions to some problems encountered during the development of passive scanner plug-ins. I hope it can help you. Passive scanners mainly conduct testing by collecting normal business traffic, improving the efficiency of testing and achieving better results than active scanners.

Dec 09, 2019, 01:15 PM
scanner, plug-in, problem, detailed explanation, passive
Obtain target user's local private key information through stored XSS vulnerability


This article comes from the web server security tutorial column. It demonstrates how to obtain the local private key information of the target user through a stored XSS vulnerability. I hope it can be helpful to everyone. Stored XSS means that the attacker uploads or stores malicious code to the vulnerable server in advance, and the malicious code will be executed as long as the victim browses the page containing this malicious code.

Dec 04, 2019, 05:39 PM
stored XSS vulnerability, target user, local, private key information
Practical attack and defense of one-time stored XSS


This article comes from the web server security column and provides a practical demonstration of the attack and defense of stored XSS. Interested students can try it themselves. Stored XSS achieves the purpose of attack by injecting executable code, usually a JavaScript script, into a web page and having the browser execute it.

Dec 03, 2019, 05:42 PM
stored, XSS, attack and defense, practical
Summary of common unauthorized access vulnerabilities


This article, from the web security tutorial column, introduces common unauthorized access vulnerabilities. I hope it can help everyone. Common unauthorized access vulnerabilities include: 1. "MongoDB" unauthorized access vulnerability; 2. "Redis" unauthorized access vulnerability; 3. "JBOSS" unauthorized access vulnerability.

Dec 02, 2019, 05:40 PM
common, unauthorized, access vulnerability
Analysis of the principle of remote code execution vulnerability caused by Java deserialization


This article is recommended by the web security tutorial column and I hope it can help everyone. In order to realize remote transmission and remote code execution of Java code, we can use RMI, RPC, etc. This article uses Socket for server-side and client-side processing.

Nov 30, 2019, 05:50 PM
java, deserialization, remote code execution vulnerability, principle
