02 2021 档案

Portswigger web security academy:Clickjacking (UI redressing)
摘要:Portswigger web security academy:Clickjacking (UI redressing) 1 - Basic clickjacking with CSRF token protection 题目描述 登陆后可以删除账号,但是该功能点有csrf token保护 要求 阅读全文
posted @ 2021-02-28 21:33 autumnnnnnnnnn 阅读(215) 评论(0) 推荐(0)
Portswigger web security academy:Cross-origin resource sharing (CORS)
摘要:Portswigger web security academy:Cross-origin resource sharing (CORS) 1 - CORS vulnerability with basic origin reflection 题目描述 该网站的跨域设置不安全,允许所有跨域请求 要求 阅读全文
posted @ 2021-02-28 17:10 autumnnnnnnnnn 阅读(427) 评论(0) 推荐(0)
Portswigger web security academy:XML external entity (XXE) injection
摘要:Portswigger web security academy:XML external entity (XXE) injection 1 - Exploiting XXE using external entities to retrieve files 题目描述 Check stock功能点可 阅读全文
posted @ 2021-02-27 17:02 autumnnnnnnnnn 阅读(293) 评论(0) 推荐(0)
Portswigger web security academy:Cross-site request forgery (CSRF)
摘要:Portswigger web security academy:Cross-site request forgery (CSRF) 1 - CSRF vulnerability with no defenses 题目描述 邮箱修改功能点存在CSRF漏洞 要求 通过CSRF修改受害者邮箱 解题过程 阅读全文
posted @ 2021-02-26 23:20 autumnnnnnnnnn 阅读(359) 评论(0) 推荐(0)