-
An In-Depth Look at the Differences Between PHP System Functions (system, shell_exec, exec, passthru, popen, proc_open)
When poking at webshells, I often get burned by Disable Function, and the various online Cheat Sh…
-
Cross-site scripting (XSS) (PortSwigger Writeup)
I feel the XSS challenges are all a bit alike, and also a bit boring QQ Contents Lab: Reflected XSS …
-
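Simple PHP Webshell AV Evasion
I originally just wanted to write a quick webshell for testing, but Defender ate it right away. Then I found that with a little casual bypassing, it easily…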
-
PHP Linux Extensions Hello World
I'm doing this mainly because my master's thesis research is slightly related to RASP, and PHP RASP needs to go through PHP Extensio…
-
Server-side request forgery (SSRF) (PortSwigger Writeup)
Contents Lab: Basic SSRF against the local server Problem description Problem…
-
Business logic vulnerabilities (PortSwigger Writeup)
Contents Lab: Excessive trust in client-side controls Problem…
-
WebSockets (PortSwigger Writeup)
Contents Lab: Manipulating WebSocket messages to exploi…
-
Access control vulnerabilities (PortSwigger Writeup)
Contents Lab: Unprotected admin functionality Problem description Problem explanation Solution…
-
Server-side template injection (PortSwigger Writeup)
Contents Lab: Basic server-side template injection Problem description Prob…
-
Information disclosure (PortSwigger Writeup)
Contents Lab: Information disclosure in error messages Prob…