06 2024 档案
[转载]javafx报错问题解决
摘要:原文地址: https://blog.csdn.net/qq_34444097/article/details/126556823 先下javafx https://gluonhq.com/products/javafx/ 然后 java --module-path [lib目录] --add-mo
「CVE-2024-34470爆破目录」[任意文件读取用bash命令爆破指北]拿到目录遍历漏洞后用wfuzz爆破
摘要:该CVE的fofa: body="mailinspector/public" ┌──(root㉿kali)-[~] └─# wfuzz -u http://XXX.XXX.XXX.XXX/mailinspector/public/loader.php?path=../../../../../../.
[粗略的速通]BURP靶场API testing通关记录
摘要:第一关[Easy]: Exploiting an API endpoint using documentation 目标是删carlos 在更新自己邮箱的界面可以抓到一个PATCH请求,请求的URI是: /api/user/wiener (URI生成逻辑可以在前端js找到,👇前端js) const
彻底理解BURP靶场的nosql最终关Lab: Exploiting NoSQL operator injection to extract unknown fields
摘要:参考: https://www.freebuf.com/articles/web/358650.html https://youtu.be/I3zNZ8IBIJU 关于NoSQL 数据库分为传统的RDBMS(Relational Database Management System)(比如mysql
[罗嗦的详解]BURP官方靶场Lab: SSRF with filter bypass via open redirection vulnerability
摘要:参考视频:官方把场下的俩个视频 https://youtu.be/iF1BPVTqM10 抓取checkstore按钮的POST请求,请求体: stockApi=/product/stock/check?productId=3&storeId=1 nextstore 按钮的get请求: GET /p
[学习JWT安全]JWT安全的学习笔记
摘要:学习了JWT(json web token),下边是笔记👇 0x01 原理 先挂一个加解密jwt的站: https://www.bejson.com/jwt/ JWT就是经过对称加密后的json ,密文前两个部分一般以 ”eyJ” 开头.整体分为首部(header) 载荷(payload) 密钥(
[CVE-2024-4577] php CGI RCE漏洞python POC
摘要:参考:https://www.ddosi.org/cve-2024-4577/ http包👇 POST /test.hello?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1 Host: xxx.xx
[转载]btrfs文件系统的kali linux 用snapper创建快照
摘要:https://www.techrepublic.com/article/how-to-install-the-new-kali-linux-snapshot-tool-unkaputtbar/
