documentation
.HELP!
Documentation
XSS的高级利用部分总结-蠕虫、HTTP-only、AJAX本地文件操作、镜象网页-
previous page
next page
previous page
start
next page
Menu
Homepage
Table of contents
ÒµÎñÂ߼©¶´
OAuth
URL redirection-URLÖض¨Ïò
˳ÐòÖ´ÐÐ
˳ÐòÖ´ÐÐ
Óû§Ìåϵ
Óû§Ìåϵ
ÔÚÏßÖ§¸¶
ÔÚÏßÖ§¸¶
³£¹æWEB©¶´
Click Jackingµã»÷½Ù³Ö
Click Jacking-µã»÷½Ù³Ö
Clickjacking¹¥»÷¼°·ÀÓù
ClickJacking¼òµ¥Àí½â
clickjacking©¶´µÄÍÚ¾òÓëÀûÓÃ
²âÊÔPayload
CRLF
CRLF Injection©¶´µÄÀûÓÃÓëʵÀý·ÖÎö
Cross-site Request Forgery-CSRF
FlashCSRF
crossdomain.xmlÎļþÅäÖò»µ±ÀûÓÃÊÖ·¨
CSRF with Flash
Flash CSRF
Flash¿çÓòÊý¾Ý½Ù³Ö©¶´ -ÉÏ´«ÎļþÒý·¢-CSRF
Cross-site Request Forgery-CSRF
CSRF POC
CSRF POSTÇëÇó
CSRF-Scanner¡ª¡ª´òÔìÈ«×Ô¶¯¼ì²âCSRF©¶´ÀûÆ÷
Html5ÖÐÀûÓÃCSRFÉÏ´«Îļþ
JS
Javascript»º´æͶ¶¾Ñ§Ï°Óëʵս
Ç°¶Ëµ÷ÊÔ¸ú×Ùjs
JSON
JSONP °²È«¹¥·À¼¼Êõ
JSONPÍÚ¾òÓë¸ß¼¶ÀûÓÃ
ÀûÓÃJSONP½øÐÐË®¿Ó¹¥»÷
LDAP×¢È루LDAP Injection£©
LDAP×¢È루LDAP Injection£©
Race ConditionsÌõ¼þ¾ºÕù
Race Conditions-Ìõ¼þ¾ºÕù
SQL×¢È루SQL Injection£©
Access
AccessÆ«ÒÆ×¢Èë
ASP+ACCESSºǫ́дa.asp;.xlsÒ»¾ä»°
´ÓÒ»¸ö×¢Èëµãµ½ACCESS²éѯ½Ø¶Ï--16
ÀûÓÃ×Ó²éѯºöÂÔ×Ö¶ÎÃû-ACCESSÊý¾Ý¿â-ÀàËÆÆ«ÒÆ×¢Èë-Ö»ÐèÒªÖªµÀ±íÃû£¬ÎÞÐèÖªµÀ×Ö¶ÎÃû
log-dns
Log-Dns ÔÚSql×¢ÈëÖеÄÓ¦ÓÃ--¸÷ÖÖÊý¾Ý¿â·´Á¬
SQL Injection via DNS
Mongodb
Mongodb×¢Èë¹¥»÷
ÕÒMongodbµÄÁ½¸ö·½·¨
mssql
BackDoor
SqlServer 2005 Trigger-¿ÉÒÔʹÓÃxp_cmdshellÖ´ÐÐÃüÁî
±¨´í
mssql error based sqli using security functions
SQL Serverij´Î×¢Èë¹ý³Ì·ÖÎö
Normal
MSSQL³£ÓòÙ×÷¼°·½·¨×ܽá
MSSQLÊý¾Ý¿â±¸·Ý¼Ç¼ɾ³ý
¾µäMSSQLÓï¾ä´óÈ«ºÍ³£ÓÃSQLÓï¾äÃüÁîµÄ×÷ÓÃ
db_ownerȨÏÞϵÄ×¢Èë-¼¸ÖÖ±¸·Ý·½·¨
DB_OWNERȨÏÞÏÂÍøÕ¾ÓëÊý¾Ý¿â·ÖÀë»ñÈ¡mssql·þÎñÆ÷IP
mssql ³£¼û×齨ÐÞ¸´ÒÔ¼°ÀûÓÃÌí¼ÓÓû§Ö´ÐÐϵͳÃüÁî
mssql_saϳ£ÓúͲ»³£ÓÃÌáȨ²Ù×÷´óÈ«
MSSQL2000Á´½Ó·þÎñÆ÷µÄÃÜÂëÆƽâΪÃ÷ÎĵÄ©¶´
MSSQL2005ÊÖ¹¤Ã¤×¢½Ì³Ì
mssqlSAȨÏÞ¹¹½¨×¢ÈëµãµÄasp½Å±¾
MSSQL±¸·ÝÌáȨעÒâµã
Mssql-¸÷ÖÖ´æ´¢¹ý³ÌÐÞ¸´×ÊÁÏ
MSSQL¿ç¿â×¢Èë
mssqlÀûÓÃ×¢ÈëµãµÄ´æ´¢¹ý³ÌÔ¶³ÌÍÑ¿ã
MSSQLÊÖ¹¤×¢Èë±Ê¼Ç
MsSQLÊý¾Ý¿âÀûÓá°SQL SERVER AGENT¡±·þÎñÌáȨ
mssqlÌáȨ ³£ÓÃÃüÁîÌáȨ¼¼ÇÉ
MSSQLͨ¹ý×¢Èëµã»ñÈ¡Êý¾Ý¿âÐÅÏ¢
MSSQLд¶þ½øÖÆÊý¾ÝºÍÎı¾Êý¾Ý
MssqlÕ¾¡¢¿â·ÖÀëÌõ¼þϵÄ×¢Èë
MSSQL×¢ÈëPUBLICȨÏÞϵÄxp_dirtreeÔÙ¶ÈÀûÓ÷½·¨
MSSQL×¢ÈëÓï¾ä´óÈ«
MSSQL×¢Éä֪ʶ¿â v 1.0
MSSQL×¢Éä֪ʶ¿â v 1.0 ·Ç³£ÆëÈ«
Pangolin×¢Èëmssqlʱ¶ÔÖÐÎÄ×Ö·ûµÄ´¦Àí·½·¨
publicȨÏÞϵÄ×¢Èë¹¥»÷
saȨÏÞϵÄ×¢Èë-Ö´ÐÐÃüÁîµÄ¼¸ÖÖ·½Ê½
sql server Á½¸ö·þÎñÆ÷¼ä²Ù×÷Êý¾Ý½Å±¾
sql2005±¸·ÝshellµÄʱ-ÖÐÎÄ·¾¶
²îÒ챸·ÝÓëLOG±¸·ÝµÄÇø±ð
»ñÈ¡MsSQLÊý¾Ý¿âµÄsaÃÜÂëÌáȨ
ÍøÕ¾ºÍÊý¾Ý¿â·ÖÀëÌáȨ˼
Ô¶³ÌÁ¬½Ó¾ÖÓòÍøÄÚµÄMSSQL serverÖ®·À»ðǽµÄÅäÖÃ
mysql
BackDoor
Mysql Trigger-×÷ΪÊý¾Ý¿âºóÃÅ
±¨´í
Mysql±¨´í×¢ÈëµÄ4¸öÎÊÌâ-×Ö½ÚÊý-ÂÒÂ룬load_fie-
MySQL±©´í×¢Èë7ÖÖ·½·¨ÕûÀí
mysql´óÕûÊýÒç³ö±¨´í
mysqlµÄ×¢ÈëµÄËÄÖָ߼¶±¨´í·½Ê½
MySQLÓÖÒ»ÖÖ±¨´í×¢Èë--exp
SQL error-based injection payloads
SQL error-based injection ÐÂpayload
¹ØÓÚmysqlÐÂÐͱ¨´í×¢ÈëµÄѧϰ-»ùÓÚMysqlÊý¾ÝÀàÐÍÒç³ö
¾µäµÄMySQL Duplicate entry±¨´í×¢Èë
ÀûÓÃinsert£¬updateºÍdelete×¢ÈëµÄËÄÖÖ·½·¨£¬Ò²ÊÇÀûÓõı¨´í×¢ÈëµÄ¼¸ÖÖ·½·¨
ʹÓÃexp½øÐÐSQL±¨´í×¢Èë
ÐÂÐÍMysql±¨´í×¢Èë-»ùÓÚMysqlÊý¾ÝÀàÐÍÒç³ö
ÐÂÐÍMysql±¨´í×¢ÈëʹÓÃÀý×Ó-»ùÓÚMysqlÊý¾ÝÀàÐÍÒç³ö
¶àÓï¾ä
Mysql×¢ÈëÖеĶàÓï¾äÖ´ÐÐ
PHP+MySQL¶àÓï¾äÖ´ÐÐ
¾Ü¾ø·þÎñ
Mysql¾Ü¾ø·þÎñ
¿í×Ö½Ú
¿í×Ö½Ú×¢ÈëÏê½â-Êý¾Ý¿â×Ö·û¼¯ÉèÖá¢×ªÂ빦Äܺ¯Êý¡¢GBKµ½UTF-8×¢Ê͵¥ÒýºÅ
ÌØÊâ
concat±»¹ýÂËʱʹÓÃupdateXml ±¨´íµÄ¼¼ÇÉ
MYSQL 4.0ÀûÓñðÃû½øÐÐ×Ó²éѯºöÂÔ×Ö¶ÎÃû
Mysql ÁíÀàäעÖеÄһЩ¼¼ÇÉ-order by-limit-join...as--rand(tr
mysql¹ýÂ˶ººÅºÍ-ʱ¹¹ÔìÁªºÏ²éѯJOIN-from x for y-
MysqläעʱµÄÅжϷ½·¨£¬REGEXPÖð¸öÆ¥Åä
Mysql×¢Èë²»ÄÜʹÓöººÅ
mysql×¢ÈëµÄÎÊÌâ-¶ººÅ£¬Çл»Óû§£¬webĿ¼-
mysql×¢Èë¼ì²âpayload--xor sleep
Order by ºóÃæ²»ÄÜÓÃand×¢Èë×Ó²éѯ-ÔÒò¼°½â¾ö°ì·¨
SQL Injections in MySQL LIMIT clause by PROCEDURE-
±»¹ýÂËUNION SELECTʱinto outfile-ÀûÓÃÔÀ´µÄselectÓï¾ä
¹ýÂË-µ¼²»³öshell--µ¼³öÓï¾äÎÞÌØÊâ·ûºÅ£¬hex
äעÓï¾äÊÕ¼¯
ÕûÀíµÄmysql¸÷ÖÖλÖÃsql×¢Èë»ù±¾¼ì²âÓï¾ä
ÌáȨ
Mylsql mofÌáȨ
Mysql UDF ÌáȨ
Mysql UDF.dllÌáȨ²½Öè-Ö±Á¬mysqlʱ
Mysql UDF.dllÌáȨµÄÏêϸ¹ý³Ì¼°º¯Êý--ÔÚphp½Å±¾²»Äܳɹ¦Ê±£¬ÊÖ¹¤
Mysql Æô¶¯ÏîÌáȨ
MysqlÊý¾Ý¿â±¸·ÝľÂíÖÁÆô¶¯ÏîÌáȨ
MysqlÊý¾Ý¿âÀûÓÃUdfÌáȨ
MYSQLÌáȨ×ܽá
windows server 2008µÈͨ¹ýdllÌáȨ
Êý¾Ý¿â´¥·¢Æ÷ÌáȨʵÑé
ÍøÉϵÄMOFÌáȨ½Å±¾
Normal
Mysql²éѯÖдæÔÚϵͳ±£Áô×Ö·û£¬Èç#
MySQL³£ÓÃÄÚÖú¯Êý
mysqlÃüÁî´óÈ«(ÍêÕû°æ±¾)
MysqlȺÊý¾ÝÕûÀí¹ý³Ì
information_schema.schemata-Mysql²éѯ
load data fileʹÓÃÏê½â-¿ÉÒÔµÍȨÏÞ¶ÁÎļþ-
LOAD DATA LOCAL INFILE¶Áusr.myd ±»-00½Ø¶ÏµÄ´¦Àí·½·¨
Load_file() ÄÃshell ʵÀýÒÔ¼°ÍøÕ¾Ãô¸ÐĿ¼Îļþ-phpinfo»ñȡ·¾¶-¶ÁsamµÄÃÜ
load_file()²é¿´³£ÓõÄһЩÅäÖÃÎļþ
Mysql Union select - from information_schemaʵÀý
mysql-CREATE FUNCTION-DROP FUNCTIONÓï·¨
MysqlµÍȨÏÞÕ˺ÅÓÃLOAD DATA LOCAL¶ÁÎļþ
MYSQLÊý¾Ý¿âÃÜÂëµÄ¼ÓÃÜ·½Ê½¼°Æƽⷽ·¨
MysqlϵͳÃÜÂëµÄÈý¸öÎļþ£ºuser.MYD user.MYI user.frm
MySQLԽȨ¶ÁÈ¡Ñо¿-LOAD DATA LOCAL INFILE
Mysql×¢ÈëpayloadÊÕ¼¯
ʹÓÃselect - into outfileµÄÌõ¼þ
×¢ÈëʱµÄ´úÂë-Ö±½ÓÔÚµ±Ç°Êý¾Ý¿âÏÔʾËùÓÐÊý¾Ý¿âÄÚÈÝ
Oracle
Exploiting SQL Injection in ORDER BY on Oracle-ora
Hacking Oracle with Sql Injection
hibernate ¿ò¼Ü ×¢ÈëµÄÎÊÌâ
oracle 11g·ÇdbȨÏÞxxeäעµÄ¿ìËÙ»ñÈ¡´óÁ¿Êý¾Ý--ͨ¹ýxxe·¢ÆðhttpÇëÇó
Oracle error based injection
Oracle publicȨÏÞÓû§Í¨¹ýOracleË÷ÒýÌáȨ-CVE-2015-0393
Oracle UnionÊÖ¹¤×¢Èë
Oracle äע DBAȨÏÞÖ´ÐÐϵͳÃüÁîµÄÎÊÌâ
Oracle+JSPƽ̨עÈë¹¥»÷¼¼Êõ-²»Ö§³Öunion-·´Á¬
OracleJDBCÁ¬½Ó´®½âÃÜ»ñÈ¡µÇ¼ÃÜÂë
Oracleäע½áºÏXXE©¶´Ô¶³Ì»ñÈ¡Êý¾Ý
Oracleäע--×¢ÒâһЩº¯Êý
OracleÊý¾Ý¿âÀûÓÃJavaÖ´ÐÐϵͳÃüÁîÌáȨ
OracleÊý¾Ý¿â×¢ÈëʹÓá°--¡±À´Á¬½Ó×Ö·û
ORACLEͨ¹ýPL-SQLÖ´ÐÐÃüÁî-ÐèÒª¿ª·Å¶Ë¿Ú¼°È¨ÏÞ
ÎÞÐèuser-password¿ìËÙÈëÇÖOracleÊý¾Ý¿â
postgresql
Hacking PostgreSQL--ÌáȨ
postgresql udfÎļþ´ò°ü
PostgreSQL³£ÓòÙ×÷
PostgreSQL´Ó×¢ÈëµãдÎļþ
Postgres×¢È뷽ʽ×ܽá
SQL·ÀÓù
Data-Hack SQL×¢Èë¼ì²â--ÓûúÆ÷ѧϰÀ´×öÊý¾Ý·ÖÎö£¬´Ó¶ø¼ì²âSQL
Waf
360
360webscan·À×¢ÈëÈƹý(HPF)-ÀûÓöà¸ö²ÎÊýºÏ²¢-
360webscan¼ì²â½Å±¾Èƹý-ͨ¹ý°×Ãûµ¥path_info
CMSeasy 360Webscan Bypass
mysql ÌØÐÔÈƹý webscan360-union select
MysqlÓï·¨Èƹý360scan insert·À×¢Èë
Webscan360µÄ·ÀÓùÓëÈƹý
Èƹý360Ö÷»úÎÀÊ¿
ͨ¹ýunicode±àÂëÈƹýÍøÕ¾ÎÀÊ¿-¶Ô¹Ø¼ü×ÖµÄij¸ö×Ö·û½øÐÐUnicode±àÂë
modsecurity
ModSecurity SQL×¢Èë¹¥»÷ ¨C Éî¶ÈÈƹý¼¼ÊõÌôÕ½
ModsecurityÔÀí·ÖÎö--´Ó·ÀÓù·½Ãæ̸WAFµÄÈƹý£¨Ò»£©
ModsecutiryÈƹý-»Ø³µ¡¢»»ÐС¢×¢ÊÍ¡¢±àÂë-×¢Èëdiscuz7.2
Mssql
Mssql¹ýwaf
Á½Ìõasp¹ý·À×¢Èë¼°Êý¾Ý¿âÌØÐÔ
ÍøÕ¾°²È«¹·SQL×¢ÈëÀ¹½Øbypass--ÀûÓÃN¸ö½Ø¶Ï×Ö·û
Ò»¸öÓÐÒâ˼µÄͨÓÃwindows·À»ðǽbypass(ÔÆËøΪÀý)--selectÖÐeµÄ×ÖĸÄÜ·ñ±»-uµÄÆä
Mysql
Mysql -a0Èƹý·À×¢Èë
mysql syntax bypass some WAF
MySQL×¢Èë¼¼ÇÉ--²»Í¬Óï·¨Ìæ»»
MySQL×¢ÉäµÄ¹ýÂËÈƹý¼¼ÇÉ
ÈƹýwafµÄ×¢ÈëÅжÏ
ÉîÈëÁ˽âSQL×¢ÈëÈƹýwafºÍ¹ýÂË»úÖÆ-cmsÒÔ¼°wafÈƹý·½·¨
ʹÓÃMySQL×Ö·û´®ÔËËãʵʩ¾«ÇÉ»¯SQL×¢Èë¹¥»÷
ͨÓõĹØÓÚsql×¢ÈëµÄÈƹý¼¼ÇÉ£¨ÀûÓÃmysqlµÄÌØÐÔ£©
Í»ÆÆ·À×¢ÈëµÄ¼¼ÇÉ-mysqlº¯ÊýÌæ»»¡¢¶à²ÎÊý´¦Àí¡¢´òËé¹Ø¼ü×Ö
Ò»¸ömysqlÌØÐÔµ½wafÈƹý
ÔÚSQL×¢ÈëÖÐÀûÓÃMySQLÒþÐεÄÀàÐÍת»»ÈƹýWAF¼ì²â
waf¹æÔò
WAFÖ®SQL×¢Èë·ÀÓù˼··ÖÏí
°²È«¹·
Content-DispositionÍ»ÆÆ°²È«¹·ÉÏ´«
pdf¡¢zip¡¢rar¡¢pngÎļþ°üº¬Í»ÆÆ°²È«¹·
phpÈƹý°²È«¹·¼ì²âµÄСÂí¼°·ÖÎö-ÓÃÓÚÉÏ´«¹ý¹·Ò»¾ä»°
°²È«¹· 4.0.05221ʹÓÃnetÌí¼ÓÓû§
°²È«¹·Ð¹¦ÄܽûÖ¹iisÔËÐгÌÐòÈƹý
°²È«¹·Ö®ÉÏ´«Èƹýiis+apache°æ±¾Í¨É±
°²È«¹·×îаæV3.3ÈƹýÀ¹½Ø×¢È멶´
²Ëµ¶ÇáËÉ¿³É±°²È«¹·£¬aspÒ»¾ä»°ÖÐת½Å±¾
¹ý°²È«¹·ÊµÀý×ܽá
ÀûÓýضÏ-x00¡¢-x09Èƹý°²È«¹·
È«·½Î»Èƹý°²È«¹·
Èƹý°²È«¹·
Èƹý°²È«¹·ÉÏ´«
ʹÓò˵¶Í¨¹ýburp Èƹý»¤ÎÀÉñ Ò»¾ä»°ÖÐbase64_decode
ÌØÊâÎļþÃûÈƹý°²È«¹·ÉÏ´«
ͨ¹ý×î´ó¼ì²â³¤¶ÈÈƹý°²È«¹·
Í»ÆÆ°²È«¹·ÓëÉÏ´«ÏÞÖÆ-¶à´Î½Ø¶Ï
ÍøÕ¾°²È«¹·IIS6.0½âÎöwebshell·ÃÎÊÏÞÖÆbypass-ÀûÓÃÖÐÎij¬³¤×Ö·û´®
ÍøÕ¾°²È«¹·½ûÖ¹IISÖ´ÐгÌÐòbypass
ÍøÕ¾°²È«¹·×îаæÈƹý²âÊÔ--0A+×¢ÊÍ·û
ÓÃÊäÈë·¨v1Ñ¡Ôñ¡ûÈƹý°²È«¹·ÉÏ´«[3.3 08722]
¶þ½øÖÆÎļþÓò
sqlmap×¢Èë¹ý×îа²È«¹·-ÖÐת½Å±¾
ͨ¹ý¶þ½øÖÆÎļþÓòmultipart-form-dataµÄÉÏ´«·½Ê½Èƹýwaf
ͨ¹ý¶þ½øÖÆÎļþÓòÈƸ÷ÖÖWAFµÄPOST×¢Èë¡¢¿çÕ¾·ÀÓù
·ÖÎö
IPS BYPASS×ËÊÆ
mysql×¢Èë¹ýwaf±Ê¼Ç-select-1.0¡¢`mysql`.user¡¢mysql-252eus
SQL×¢ÈëÈƹýWAF²ßÂÔʵÀý·ÖÎö
WAF bypass×ܽá
WAF·ÖÎö¼°Èƹý·½·¨£¬¹ý¹·Ð¡Âí¼°ÖÐת½Å±¾
WAFÈƹý(ÍøÕ¾°²È«¹·Ê¾Àý)
WAFÖ®SQL×¢ÈëÈƹýÌôսʵ¼
¼ûÕвðÕУºÈƹýWAF¼ÌÐøSQL×¢Èë³£Ó÷½·¨
ijעÈëÌâĿ˼·ÒѾ·À×¢ÈëÈƹý-ÓÃa ---1 --- ¹¹ÔìÓÀÕæÓï¾ä
ÈçºÎÈƹýWAF£¨WebÓ¦Ó÷À»ðǽ£©
Ò»´Î¼èÄѵݲȫ¹·¹æÔòÈƹý
»¤ÎÀÉñ
Ãë¹ý¹ý»¤ÎÀÉñ-ÀûÓÃÎļþ°üº¬
Bypassing web application firewalls using HTTP hea
Bypass°¢ÀïÔƶܡ¢°Ù¶ÈÔƼÓËÙ¡¢°²È«±¦¡¢°²È«¹·¡¢ÔÆËø¡¢360Ö÷»úÎÀÊ¿SQL×¢Èë·ÀÓù
Bypass°Ù¶ÈÔƼÓËÙ-°¢ÀïÔƶÜ-ÌÚѶÔÆ°²È«-´´Óî¼ÓËÙÀÖSQL×¢Èë·ÀÓù
cookie×¢ÈëÈƹý
PHPÒ»¾ä»° ²Ëµ¶¹ý°²È«¹· ÖÐת½Å±¾ ½«ase64_decode×÷Ϊ²ÎÊý´«µÝ
±àÂë¹ýÂË´úÂëÈƹý
´æÔÚÃüÁîÖ´Ðв¢ÇÒÓа²È«¹·Ê±Ð´ÈëÒ»¾ä»°
¹ýwafµÄÓÃÓÚgetÐÍ´úÂëÖ´ÐЩ¶´µÄphp´úÂë
¹ýWAF·½·¨ÊÕ¼¯
¹ý°²È«¹·¼¼Êõ»ã×Ü£º
¼ÓËÙÀÖ×¢ÈëÈƹý
ÀûÓÃcookieд¹ý¹·Ò»¾ä»°ºÍ¿Í»§¶Ë
Èƹý°²È«¹·Ð´shellºÍÒþ²ØºóÃÅ´óÂí--дÈë´óÓÚ1MµÄÎļþ
ÕûÀíµÄ¼¸ÖÖ¹ý°²È«¹·µÄ°ì·¨
ÍÑ¿ã
sqlcmdÍÑmssqlÊý¾Ý¿â-´óÐÍ¿âºÜÓÐЧ-Õ¾¿â·ÖÀë
SQL´óÐÍÍøÂçÍÑ¿ã
base64±àÂë¿ìËÙÖÐתעÈë-×ÐϸעÒâ²ÎÊý-²»Òªµ¥´¿ÈÏΪÊÇ×Ö·û
in ×¢Èë¼ì²â
sqlÖÐ×Ö·ûÊý×ֱȽÏ
SQL×¢È루SQL Injection£©
SQL×¢È뱸Íüµ¥
SQL×¢Èë¹ØÁª·ÖÎö
²Ëµ¶¹ÜÀíhsqldbÊý¾Ý¿â
µ¥ÒýºÅÅжÏ×¢Èëµã
µ¼³ö´óÁ¿Êý¾ÝµÄ·½·¨
¸÷ÖÖÊý¾Ý¿â±£´æSQLÖ´ÐеÄÈÕÖ¾£¬¿ÉÓÃÓÚ×îÖÕʼþ
¿ìËÙ¶¨Î»DBÖÐÁжÔÓ¦µÄ±í-Mysql Mssql Oracle
ÀûÓÃSQL×¢ÈëÖÆÔìÒ»¸öºóÃÅ-ͨ¹ý´¥·¢Æ÷-²»ÄܶàÓï¾ä²éѯ--
Êý×ÖÐÍ×¢È멶´ÅжϷ¨
ËÑË÷ÐÍ×¢È멶´ÅжϷ¨
α¾²Ì¬SQL×¢Èë
×Ö·ûÐÍ×¢È멶´ÅжϷ¨
SSI£¨Server Side Include£©
SSI½âÎö£¨Server Side Include£©
SSRF£¨Server Side Request Forgery£©
SSRF£¨Server Side Request Forgery£©
ssrf+gopher=ssrfsocks
ÀûÓà Gopher ÐÒéÍØÕ¹¹¥»÷Ãæ
URL redirectionURLÖض¨Ïò
URL redirection-URLÖض¨Ïò
XML
XML External Entity attack XXE¹¥»÷
Having Fun with XML Hacking
java»·¾³ÏÂÀûÓÃblind xxeÀ´ÁÐĿ¼ºÍÎļþ¶ÁÈ¡-ftp-ghoperÐÒé
Preventing XXE in PHP-libxml_disable_entity_loader
XML External Entity attack-XXE¹¥»÷
XML°²È«Ö®Web Services--1¡¢±ÕºÏ£¬2¡¢XXE¡¢doc()£¬3¡¢DDOS
XMLʵÌå¹¥»÷
XXE-xmlʵÌå×¢Èë
ÄãËù²»ÖªµÀµÄXML°²È«
ÉñÆæµÄContent-Type¡ª¡ªÔÚJSONÖÐÍæתXXE¹¥»÷--ÐèҪͬʱ֧³ÖjsonºÍxml
XPATH×¢Èë(XPATH Injection)
XPATH InjectionºÍXXEÏà½áºÏµÄÀûÓÃ
XPATH×¢Èë(XPATH Injection)
XSCH (Cross Site Content Hijacking)
XSCH (Cross Site Content Hijacking)
¿çÕ¾ÄÚÈݽٳÖ
XSS(cross site scripting)
FlashXSS
³£¼ûFlash XSS¹¥»÷·½Ê½
·À·¶´ëÊ©
POC
jsonp̽Õë»ñÈ¡µÄÐÅÏ¢¹ýÂË
JSON̽Õ롪¶¨Î»Ä¿±êÍøÂçÐéÄâÐÅÏ¢Éí·Ý-POC
XSS½ØÆÁ-POC
XSSͨ¹ýActiveXObject·¢ËÍÎļþ¡¢Ö´ÐÐÃüÁî
»ñµÃÄÚÍøIP-POC
»ñµÃÖ¸¶¨Ò³ÃæµÄÄÚÈÝ-POC
ɨÃèÄÚÍøÍø¶ÎÖ÷»úËù¿ª·ÅµÄ¶Ë¿Ú-POC
XSSI
XSSI¹¥»÷ÀûÓÃ
·À»¤
xss·À»¤Ïà¹ØµÄ¿ªÔ´ÏîÄ¿--4¸ö³£ÓõÄHTTP°²È«Í·²¿
´æ´¢ÐÍXSS©¶´½â¾ö·½°¸--ÔÚÖ§³ÖÒµÎñ¸»Îı¾UGCµÄÇ°ÌáÏ£¬ÈçºÎÓÐЧ½â¾ö´æ´¢XSS©¶´
ÀûÓÃCSP̽²âÍøÕ¾µÇ½״̬£¨alipay-baiduΪÀý£©
½Å±¾¡¢Èƹý
Bypass xss¹ýÂ˵IJâÊÔ·½·¨
Chrome XSS Auditor Bypass Using SVG-Êä³öµãÔÚ-script-ÖеÄ
-input-ϵÄbypassÔ²À¨ºÅ()µÄ¼¼ÇÉ
locationÀ´Èƹý¹ýÂË(-(-)-&-)£¬¶øûÓйýÂËË«
locationÖ®ÁíÒ»¸ö»°Ìâ-ÆäËû¸ß¼¶ÀûÓÃ
Short XSS
XSS auditor bypass
XSS Bypassä¯ÀÀÆ÷
XSS Filter Evasion Cheat Sheet-88ÖÖ´¥·¢XSSµÄ·½·¨
XSS½Å±¾ÊÕ¼¯
XSSÌôÕ½Ìâ-Í»ÆƳ¤¶ÈÏÞÖÆ
XSSÏÖ´úWAF¹æÔò̽²â¼°Èƹý¼¼Êõ
XSSÖдúÌæ¿Õ¸ñµÄ·ûºÅ
Xss×Ö·û±àÂëÍ»ÆƹýÂË·½·¨×ܽá
¿çÕ¾²âÊÔÓëÀûÓÃÖеÄÈƹý¼¼Êõ
Í»ÆÆXSS×Ö·ûÊýÁ¿ÏÞÖÆÖ´ÐÐÈÎÒâJS´úÂë
¿Í»§¶Ë
È¥Äê¿ç¹ýµÄ¿Í»§¶Ë
antixss´úÂë
Cross IframeµÄ2¸ö¹æÔò¼°ÀûÓÃ
HTMLµÄ16½øÖÆתÒå·û HTML Punctuation Special Characters
JSONObjectÊä³öjson´®¿ÉÒý·¢XSS
-string-.source Èƹý±àÂ룿䶮
URL Hacking - Ç°¶Ëâ«ËöÁ÷
XSS(cross site scripting)
XSSµÄ¸ß¼¶ÀûÓò¿·Ö×ܽá-Èä³æ¡¢HTTP-only¡¢AJAX±¾µØÎļþ²Ù×÷¡¢¾µÏóÍøÒ³-
xss¿çÕ¾½Å±¾¹¥»÷»ã×Ü-¶ÔÕÕ-XSS_Filter_Evasion_Cheat_Sheet
XSS¿çÕ¾½Å±¾¹¥»÷ʵÀý½âÎö
XSSÀûÓÃÓëÍÚ¾ò
xssÈçºÎ¼ÓÔØÔ¶³ÌjsµÄһЩtips
XSSС¼Ç
XSSÓë×Ö·û±àÂëµÄÄÇЩʶù
´ÓXSSerµÄ½Ç¶È²âÊÔÉÏ´«Îļþ¹¦ÄÜ
´ÓÒ»¸öʵÀýµ½×ܽáÒ»²¿·Ö
´æ´¢ÐÍXss³ÉÒò¼°ÍÚ¾ò·½·¨
»ùÓÚDOMµÄXSS-¿É±»ÀûÓõĽű¾
ÀûÓô°¿ÚÒýÓ鶴ºÍXSS©¶´ÊµÏÖä¯ÀÀÆ÷½Ù³Ö
ÈçºÎXSS×Ô¶¯»¯ÈëÇÖÄÚÍø
ÌÔ±¦Ç°¶Ë°²È«Ê¹Óù淶
СËÉÊóµÄºÚħ·¨--XSS¶àÖÖÀûÓ÷½Ê½
ÑÓ³¤ XSS ÉúÃüÆÚ-DOM
±¾µØÎļþ°üº¬£¨Local File Include£©
±¾µØÎļþ°üº¬£¨Local File Include£©
´úÂë×¢È루CODE Injection£©
´úÂë×¢È루CODE Injection£©
ÃüÁîÖ´ÐУ¨OS Commanding£©
ÃüÁîÖ´ÐУ¨OS Commanding£©
ÃüÁîÖ´Ðв»ÄÜʹÓÿոñÈƹý
ÎļþÉÏ´«Â©¶´
±¾µØÏÞÖÆ
±¾µØÏÞÖÆ
ÈƹýwafÉÏ´«¼°ÌáȨ
ÈçºÎÔÚPNGͼƬµÄIDAT CHUNKSÖвåÈëWebshell
ÎļþÉÏ´«Â©¶´
Ô¶³ÌÎļþ°üº¬£¨Remote File Include£©
Ô¶³ÌÎļþ°üº¬£¨Remote File Include£©
Get in touch
Submit feedback about this site to:
[email protected]