肥皂的小屋

burpsuite

cover

cover

cover

cover

cover

cover

cover

cover

SSTI漏洞初探

起因在xctf上做题遇到的 0x00 SSTI 漏洞简介 SSTI:Server-Side Template Injection 服务器端模板注入，属于格式化字符串漏洞之一。注入就是格式化字符串漏洞的一种体现不管是二进制还是web，很多的漏洞都能归结为格式化字符串漏洞 sq…

漏洞利用1 min

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

BruteForce_test暴力破解练习

事情起因 3sNwgeek大佬工作上遇到的案例，GitHub 地址这个大佬还有另外一个基于AWD比赛的蠕虫webshell系列也不错有机会可以搞一下配置环境用类似phpstudy的环境就可以搭建 Copy git clone https://github.com…

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

docker搭建pikachu及burp暴力破解基于Token的表单

事情起因持续整理笔记中参考文章： burp 暴力破解基于 Token 的表单安装 docker Copy apt-get install docker.io -y 然后使用docker -v命令验证是否安装完成：换镜像网易加速器：http://hub…

Ownership of this blog data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#58006
Owner
0xa75bc050d20393dc83b0a7bba2974521594cb660
Transaction Hash
Creation 0x3f2e7120...5c02390f46 Last Update 0x8391bea2...c4f11ea2a4
IPFS Address
ipfs://QmZPvgAy4DSrPxhRfqaKk1XFDWT9LsxrBGLJ69FbRphrp6