????λ?????????? >> ?????????????
???????????????λ???????????
?????GoldFire\'s Blog ???????[ 2017/3/9 11:42:24 ] ??????????????? ?????????????
????26.???????????????????????????′???/abc/????????????′????????admin????????????????
??????????????????/abc/?????????????????
????27.????shell??????£???????xss?????????????????
????????????????μ?????????????js???????ж???????????????????????????????????????????·????????л?????????????????????С?(?????????м????????????????????????)??
??????????????????????в???XSS?????
????28.?????????????????????????*??????????????????????????????
?????????? ????????password??????text?????????
????29.????????????????????????????????????????????403.?????
??????????п???web?????????e??????д????????????????????????????
????30.?????????????????????????????????????????
????????в????????????????????????????ж??????????????F12??HTML?巋 ???绤?????????????????? <hws>????<hws> ??
????31.??win2003???????н?????? .zhongzi?????????????
????????????У??????ù???????????????????
????32??sql????????????? ???? ?????????????????????????????
????A. demo.jsp?id=2+1 B. demo.jsp?id=2-1
?????B???? URL ?????? + ?????????????????
????33????????????? sql ?????????????????????????????·??
????demo.do?DATA=AjAxNg==
????DATA?п???????? base64 ??????????????????????????????????? base64 ????????????????
????34?????? demo.jsp?uid=110 ??????????????·??? webshell?????????????
??????д???????????????????????using INTO OUTFILE????????????????????????????У??????д?? WebShell
??????? sqlmap –os-shell ?????????????????????????? Shell??????Ч?????
??????????????????????????????????????????????????????????????????????????????? Shell
????35??CSRF ?? XSS ?? XXE ???????????????????
????XSS?????????????????????????п?????????????У????????????????????????????????????????????塢???HTTP Only?????JavaScript???Cookie????????У?顢???????Web???????????????????
????CSRF????????α??????XSS?????CSRF?????????е?????????????????????????????????????????????????????????????????????CSRF???????????Token?????????????????Referer
????XXE??XML????????????XML?п???????????????????????????????????????????????????????????????????????????????????????XML??????????????????????????????
????36??CSRF??SSRF????????????????
????CSRF????????α???????????????
????SSRF?????????????α?????????????
???????????????????????????????????????????
????37???????????????????????????????????
???????????????д???????????????????????????????????????????????衢????????????????????????????????????????????????????
??????????????г????????????????? Cookie ??e??????? Session ?? Cookie ????α????????
?????????????д????????????????????????????? Javascript ????????????????????
????38???????????п???????????????????????????????
????get /ecskins/demo.jsp?uid=2016031900&keyword=”hello world”
????HTTP/1.1Host:*******.com:82User-Agent:Mozilla/
????5.0 Firefox/40Accept:text/css??*/*;q=0.1
????Accept-Language:zh-CN;zh;q=0.8;en-US;q=0.5??en;q=0.3
????Referer:http://*******.com/eciop/orderForCC/
????cgtListForCC.htm?zone=11370601&v=145902
????Cookie:myguid1234567890=1349db5fe50c372c3d995709f54c273d;
????uniqueserid=session_OGRMIFIYJHAH5_HZRQOZAMHJ;
????st_uid=N90PLYHLZGJXI-NX01VPUF46W;
????status=True
????Connection:keep-alive
????11
????39??????????ó????????????????????????????
????40??????????????????Щ??????????????
????41????????????????о????? CVE ?? POC??
????42???????????????????
???????????????????????漰???????????????????SPASVOС??(021-61079698-8054)?????????????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11????????
?????????App Bug???????????????????????Jmeter?????????QC??????APP????????????????app?????е????????jenkins+testng+ant+webdriver??????????????JMeter????HTTP???????Selenium 2.0 WebDriver ??????
sales@spasvo.com