11 2016 Archive
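Summary: 1. Besides SQL injection, XPath filtering also needs to be considered. Injecting Smith' or 1=1 or 'a'='a into the username field will display the first user logged in to the system. The password is a required field and can be any value.
Read more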
Summary: The grey area below represents what is going to be logged in the web server's log file.* Your goal is to make it like a username "admin" has succeeded
Read more
Summary: 1. The user should be able to exploit the concurrency error in this web application and view login information for another user that is attempting the
Read more
Summary: 1. Code review. Developers are notorious for leaving statements like FIXME's, TODO's, Code Broken, Hack, etc... inside the source code. Review the source code
Read more