Web Applications
Nixawk
sqli-labs ---- Less-1 & Less-3 & Less-4
[Address]: https://github.com/Audi-1/sqli-labs
Original · 2014-05-30 18:11:22 · 1687 views · 0 comments
Security Lab
The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of o
Original · 2014-08-10 22:40:16 · 2510 views · 0 comments
Pentest Lab - Tr0ll
[Download]: http://vulnhub.com/entry/tr0ll-1,100/
Original · 2014-09-12 14:13:46 · 3484 views · 0 comments
Pentest Lab - flick
http://vulnhub.com/entry/flick-1,99/
http://blog.techorganic.com/2014/08/14/flick-hacking-challenge/
Original · 2014-08-18 16:44:30 · 2010 views · 0 comments
MySQL SQL Injection Cheat Sheet
Version: SELECT @@version
Comments: SELECT 1; #comment
          SELECT /*comment*/1;
Current User: SELECT user();
              SELECT system_user();
Reposted · 2014-08-26 10:15:27 · 1479 views · 0 comments
sqli-labs ---- Less-5 & Less-6
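In the past, we used https://github.com/Audi-1/sqli-labs to discuss the different types of SQL injection. See the address for the most recently published content. Now we will review the earlier SQL injection material and discuss error-based double query injection, sometimes also called subquery injection. Some people like to call it blind injection, but I prefer to call it error-based injection, because in what follows we will obtain information through errors. As in the first part, the content that follows will continue to use the classification scheme; the content that follows will
Original · 2014-05-31 11:41:45 · 2972 views · 1 comment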
Cross-site scripting with UTF-7
What is UTF-7?
An encoding method for Unicode.
Expresses all Unicode characters using ASCII letters only.
Some symbols are also encoded.
ABCDE+
Reposted · 2014-06-01 16:57:31 · 1074 views · 0 comments
sqli-labs ---- Less-8 & Less-9 & Less-10
Quoting the introduction of OWASP - Blind SQL Injection: Blind SQL (Structured Query Language) injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based
Original · 2014-05-31 12:46:04 · 2131 views · 0 comments
XSS Challenges
http://xss-quiz.int21h.jp/
Notes (for all stages):
* NEVER DO ANY ATTACKS EXCEPT XSS.
* DO NOT USE ANY AUTOMATED SCANNER (AppScan, WebInspect, WVS, ...)
* Some stages may fit only IE.
Stage #1:
Original · 2014-06-02 00:50:58 · 5439 views · 0 comments
sqli-labs ---- Less-2
[Address]: https://github.com/Audi-1/sqli-labs
Original · 2014-05-31 10:39:46 · 1113 views · 0 comments
sqli-labs
Less-1. GET - Error based - Single quotes - String
Less-2. GET - Error based - Integer based
Less-3. GET - Error based - Single quotes with twist - string
Less-4. GET - Error based - Double Quotes - St
Original · 2014-05-31 14:08:11 · 1645 views · 0 comments
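Finding XSS Vulnerabilities with the Fiddler Plugin X5S
Cross-site scripting is one of the OWASP Top 10 threats. This vulnerability allows an attacker to inject malicious code. The problem can turn up anywhere in an application that accepts input. If a website has an XSS vulnerability, an attacker can inject malicious scripts against regular users. XSS vulnerabilities can be used to steal session IDs and to hijack users' active sessions. Website developers must test whether their site is susceptible to this kind of attack. They need to validate input and handle output. To find XSS vulnerabilities on a website, they also use the various available scanners to
Original · 2014-05-31 21:28:01 · 3703 views · 1 comment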
sqli-labs ---- Less-7
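Errcode: 13 indicates that writing the file failed, mainly because Apache runs as www-data while the directory belongs to root (Apache has no write permission). Test writing the file to the system temporary directory, as shown below (it has already been written once, so the message says the file already exists): Less-7 in practice is shown below: When accessing files, always confirm that you have the corresponding permissions.
Original · 2014-05-31 12:40:42 · 2604 views · 1 comment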
Joomla - Error-Based SQL Injection
Description: Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). CVE
Original · 2015-10-24 13:26:42 · 2100 views · 0 comments