Attack and defense world web practice area (weak_auth, simple_php, xff_referer)
2022-07-24 02:39:00 【Unknown white hat】
weak_auth
Challenge description

Approach
Open the challenge environment

This kind of login form usually has a weak password.
For example, the account name is admin
and the password is 123456, admin, root, etc.
Burp Suite (BP) can also be used to brute-force it.
Brute-force the password with Burp Suite
Log in with a guessed credential pair, admin/admin, and intercept the request

Send it to Intruder

Choose the Cluster bomb attack type to brute-force the account name and password

Set up the payloads


Start the attack

The brute force succeeded

Find the flag
cyberpeace{dad2b6ebac23fe80a9dc79eb0c9e5b63}
simple_php
Challenge description

Approach
Open the challenge environment

Understanding the PHP code
a must equal 0 and must not be empty, so a=0a
b must be greater than 1234 and must not be purely numeric, so b=1235aa

Find the flag
Cyberpeace{647E37C7627CC3E4019EC69324F66C7C}
xff_referer
Challenge description

Approach
Open the challenge environment

Forge the XFF (X-Forwarded-For) header

The response refers to the Referer header
Forge the Referer header

Find the flag
cyberpeace{e8b2f1bc317d06993ab6349580f5eda6}
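
The challenge works because the server believes a client-supplied X-Forwarded-For value. The following is an added example, not code from the challenge or from this write-up, that puts that weak check beside one that only honours the header when the connection comes from a known proxy. All networks, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration; none come from the challenge.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]       # our own reverse proxies
ALLOWED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24")]   # clients the page should serve


def _in(addr, networks):
    return any(addr in net for net in networks)


def naive_client_ip(headers, peer_addr):
    """Weak pattern: believe the first X-Forwarded-For entry whenever it is present."""
    xff = headers.get("X-Forwarded-For", "")
    return xff.split(",")[0].strip() or peer_addr


def real_client_ip(headers, peer_addr):
    """Walk the chain right to left and stop at the first hop that is not our proxy."""
    peer = ipaddress.ip_address(peer_addr)
    if not _in(peer, TRUSTED_PROXIES):
        return str(peer)  # direct connection: the header is fully client-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the socket address
        if not _in(addr, TRUSTED_PROXIES):
            return str(addr)  # first address appended by a proxy we control
    return str(peer)


def is_allowed(ip):
    # Referer is just as client-controlled as X-Forwarded-For and is never consulted here.
    return _in(ipaddress.ip_address(ip), ALLOWED_CLIENTS)
```

With the naive function, a direct request from 198.51.100.7 carrying `X-Forwarded-For: 203.0.113.5` is treated as an allowed client; the hardened function resolves it to the socket address and rejects it.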