-
深入理解多種 PHP 系統函數的差別 (system, shell_exec, exec, passthru, popen, proc_open)
在戳 Webshell 時,時常會被 Disable Function 給雷,而網路上的各種 Cheat Sh […]
-
Cross-site scripting (XSS) (PortSwigger Writeup)
我覺得 XSS 的題目都有一點通,還有一點無聊 QQ Contents Lab: Reflected XSS […]
-
簡單 PHP Webshell 免殺
原本想隨便寫一個 Webshell 測試使用,但一下就被 Defender 吃掉了 然後發現隨便繞一下,就輕鬆 […]
-
PHP Linux Extensions Hello World
要做這個主要是碩論的研究跟 RASP 有一點點關係,而 PHP RASP 需要透過 PHP Extenstio […]
-
Server-side request forgery (SSRF) (PortSwigger Writeup)
Contents Lab: Basic SSRF against the local server題目敘述題目 […]
-
Business logic vulnerabilities (PortSwigger Writeup)
Contents Lab: Excessive trust in client-side controls題目 […]
-
WebSockets (PortSwigger Writeup)
Contents Lab: Manipulating WebSocket messages to exploi […]
-
Access control vulnerabilities (PortSwigger Writeup)
Contents Lab: Unprotected admin functionality題目敘述題目解釋解答 […]
-
Server-side template injection (PortSwigger Writeup)
Contents Lab: Basic server-side template injection題目敘述題 […]
-
Information disclosure (PortSwigger Writeup)
Contents Lab: Information disclosure in error messages題 […]