-
**攻擊者學號**:splitline
**被攻擊者學號與網址**:`B10730226` @wynn1212 https://wynn1212.websec.mooo.com/
**漏洞類型**:RCE / Path traversal
**漏洞描述**
使用網址上傳大頭貼時,經由如下程式碼處理:
https://github.com/wynn1212/2022WebS…
-
Header Strict-Transport-Security "... includeSubDomains": we need to meed to mention that this can be a big pitfall.
-
https://websec.space/2022/01/26/ctfshow%E7%88%86%E7%A0%B4/
ctfshow爆破开始玩 web21 爆破什么的,都是基操 确实是基操,下面演示两种方法。这题是个tomcat的认证。 法一:bp的intruder 确定好爆破位置,选择类型Custom iterator 导入题目给的附件,进行base64编码,开始攻击! 找到相应长…
-
Let's improve [this security score](https://observatory.mozilla.org/analyze/www.cncf.io) which currently gives us an F.
-
# 概述
SQL注入(SQL injection)是发生于应用程序与数据库层的安全漏洞。简而言之,是在输入的字符串之中注入SQL指令,在设计不良的程序当中忽略了字符检查,那么这些注入进去的恶意指令就会被数据库服务器误认为是正常的SQL指令而运行,因此遭到破坏或是入侵。
# 原理
# 分类
# 注入过程
## 注入点
![注入点](https://user-images.githubus…
-
https://websec.space/2022/04/08/php-fpm%E6%9C%AA%E6%8E%88%E6%9D%83/
php-fpm未授权php-fpm是个中间件,在需要php解释器来处理.php文本时会用到php-fpm。自从php5.3.3以后就将php-fpm集成在php内核中。PHP-FPM提供了更好的PHP进程管理方式,可以有效控制内存和进程、可以平滑重载PHP配…
-
The CSP spec has a nice requirement that CSP reports should have the `content-type` header set to `application/csp-report`. https://www.w3.org/TR/CSP2/#send-violation-reports
Could we introduce a s…
-
攻擊者學號:B10815052
被攻擊者學號與網址:B10815062 @yochan0412 https://demo.yochan.live/
漏洞類型:XSS(upload file)
漏洞描述
上傳php檔裡面使用
```
alert(1)
```
這樣php flag的檢查就會被掠過
PoC
```
alert(1)
```
…
-
As sysadmin for opencaching.ro I received a report from Open Bug Bounty about a discovered vulnerability on the site.
Cited report can be found here: https://www.openbugbounty.org/reports/1930692/
D…
-
**Context**
After the post in medium about the WordPress and serialize bug that can be read here https://medium.com/websec/wordpress-and-recursive-unserialize-5518b124b23b the fix has been applied…
widoz updated
5 years ago