Abstract:
Medium Level server-side core code <?php // The page we wish to display $file = $_GET[ 'page' ]; // Input validation $file = str_replace( array( "http://", "https: Read more
posted @ 2020-05-06 16:39
zhengna
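Abstract:
File Inclusion File Inclusion means a file inclusion (vulnerability): when the server has the allow_url_include option enabled, certain PHP functions (include(), require(), include_once(), require_once()) can be used to dynamically include files via a URL, Read more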
posted @ 2020-05-06 16:36
zhengna
Abstract:
Impossible Level View source <?php if( isset( $_GET[ 'Change' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_tok Read more
posted @ 2020-05-06 16:35
zhengna
Abstract:
High Level View source <?php if( isset( $_GET[ 'Change' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], Read more
posted @ 2020-05-06 16:34
zhengna
Abstract:
Medium Level View source <?php if( isset( $_GET[ 'Change' ] ) ) { // Checks to see where the request came from if( stripos( $_SERVER[ 'HTTP_REFERER' ] ,$_SER Read more
posted @ 2020-05-06 16:33
zhengna
Abstract:
Low Level View source <?php if( isset( $_GET[ 'Change' ] ) ) { // Get input $pass_new = $_GET[ 'password_new' ]; $pass_conf = $_GET[ 'password_conf' ]; // Do Read more
posted @ 2020-05-06 16:31
zhengna
Abstract:
Impossible Level View source <?php if( isset( $_POST[ 'Submit' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_to Read more
posted @ 2020-05-06 16:30
zhengna
Abstract:
High Level View source <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = trim($_REQUEST[ 'ip' ]); // Set blacklist $substitutions = array( '&' Read more
posted @ 2020-05-06 16:29
zhengna
Abstract:
Medium Level View source <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = $_REQUEST[ 'ip' ]; // Set blacklist (blacklist: remove && and ;) $substitutions = arr Read more
posted @ 2020-05-06 16:28
zhengna
Abstract:
Low Level View source <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = $_REQUEST[ 'ip' ]; // Determine OS and execute the ping command. if( s Read more
posted @ 2020-05-06 16:17
zhengna