In the 2020 CISCN final, we met an easy JS prototype pollution attack question named “Final-Monster Battle”. It was my own fault, and it makes me angry. I understand that if you want to learn something well, you need to practice it. Practice makes perfect!
There are some interesting PHP POP chains; I really enjoy them.
Symmetric cryptography means that the encryption algorithm uses the same key for encryption and decryption. Although I am a web dog, the encryption algorithms in some recent web questions have broken my heart.
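I am back at school after the National Day holiday, and it feels like this is my last stretch of time on campus. I found an abandoned laptop in the lab (4 GB RAM, 240 GB SSD, a rubbish CPU). It would be a pity to throw it away, so I will use it to build a set of basic infrastructure. The end result: the practice range and all the challenges are tunneled out to the internet.
Recently, in projects, I ran into two Shiro deserialization cases where the target could reach the internet but the reverse shell failed. I asked a senior colleague at my company about it and everything suddenly became clear. I modified some of the ysoserial source code and got through successfully.
Modified repository: https://github.com/Kit4y/shuyu-ysoserial
Packaged version: https://github.com/Kit4y/Awesome_shiro/tree/master/shiro_shuyu
Both projects were in this situation: the target could reach the internet and a reverse shell was possible, but command execution simply gave no output.
This is the third post in my introduction to Java code auditing, and really it is only now that I have picked up a little of the basics of Java code auditing.
If you do not know Java at all, I still recommend reading the first two posts on this blog, which cover the basics of deserialization and reflection.
This vulnerability is quite old, yet it is still very common, and many sites still have this problem. I could never get it to work before, though; after some analysis I found that my approach was wrong. Thanks to 菠萝 for helping me debug remotely.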