Post category - Security topics

Summary: In one day I decided to stop hunting bugs in Facebook Mobile Android, iOS and Windows Phone apps and start hunting bugs in facebook.com website. I sa
posted @ 2016-10-23 21:05 独裁者 Views (772) Comments (0) Recommendations (0)
Summary: aaa
posted @ 2016-10-05 16:41 独裁者 Views (201) Comments (0) Recommendations (0)
Summary: Hello all, so this post is about how I was able to hijack tons of domains/subdomains who were using Instapage if their service got expired. What is instapa
posted @ 2016-10-04 10:02 独裁者 Views (439) Comments (0) Recommendations (0)
Summary: Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service provi
posted @ 2016-10-03 20:56 独裁者 Views (436) Comments (0) Recommendations (0)
Summary: TLDR C'mon, show me the XSS domain takeover 5 mins later… So how did you take over the domain? So is this bad?
posted @ 2016-09-21 23:34 独裁者 Views (299) Comments (0) Recommendations (0)
Summary: I was bug hunting on a site which looked like this: POST /snip/snippet.php HTTP/1.1 <?xml version="1.0"?> I tested in BURP for XSS in XML, and it work
posted @ 2016-09-21 22:44 独裁者 Views (379) Comments (0) Recommendations (0)
Summary: Unfortunately, Microsoft SQL Server's SQL dialect Transact-SQL does not support reading and writing files in an easy way as opposed to MySQL's LOAD_FILE() function and INTO OU...
posted @ 2015-06-19 16:28 独裁者 Views (275) Comments (0) Recommendations (0)
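Summary: 0x00 Background. Clickjacking was first introduced in 2008 by internet security experts Robert Hansen and Jeremiah Grossman. It is a visual deception technique: on the web, an iframe embeds a transparent, invisible page so that the user unknowingly clicks the spot the attacker wants them to click. With the emergence of clickjacking came anti-frame-nesting...
posted @ 2015-04-03 21:37 独裁者 Views (3805) Comments (0) Recommendations (0)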
Summary: # Exploit Title: False SQL injection and advanced blind SQL injection # Date: 21/12/2011 # Aut...
posted @ 2015-02-21 13:10 独裁者 Views (189) Comments (0) Recommendations (0)
Summary: # http://h.ackack.net/faster-blind-mysql-injection-using-bit-shifting.html for a HTML version # Made by Jelmer de Hen # H.ackAck.net # While strolling through my...
posted @ 2015-02-12 12:08 独裁者 Views (210) Comments (0) Recommendations (0)
Summary: Straight to the syntax: select * from users where id=8E0union select 1,2,3,4,5,6,7,8,9,0 / select * from users where id=8.0union select 1,2,3,4,5,6,7,8,9,0 / select * from users where id=\N...
posted @ 2015-02-08 17:39 独裁者 Views (2132) Comments (0) Recommendations (0)