上一页 1 ··· 18 19 20 21 22 23 24 25 26 ··· 51 下一页
2020年5月6日
DVWA-3.4 CSRF(跨站请求伪造)-Impossible
摘要: Impossible Level 查看源码 <?php if( isset( $_GET[ 'Change' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_tok 阅读全文
posted @ 2020-05-06 16:35 zhengna 阅读(720) 评论(0) 推荐(0)
DVWA-3.3 CSRF(跨站请求伪造)-High-绕过token
摘要: High Level 查看源码 <?php if( isset( $_GET[ 'Change' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 阅读全文
posted @ 2020-05-06 16:34 zhengna 阅读(2410) 评论(0) 推荐(0)
DVWA-3.2 CSRF(跨站请求伪造)-Medium-绕过Referer验证
摘要: Medium Level 查看源码 <?php if( isset( $_GET[ 'Change' ] ) ) { // Checks to see where the request came from if( stripos( $_SERVER[ 'HTTP_REFERER' ] ,$_SER 阅读全文
posted @ 2020-05-06 16:33 zhengna 阅读(1201) 评论(0) 推荐(0)
DVWA-3.1 CSRF(跨站请求伪造)-Low
摘要: Low Level 查看源码 <?php if( isset( $_GET[ 'Change' ] ) ) { // Get input $pass_new = $_GET[ 'password_new' ]; $pass_conf = $_GET[ 'password_conf' ]; // Do 阅读全文
posted @ 2020-05-06 16:31 zhengna 阅读(544) 评论(0) 推荐(0)
DVWA-2.4 Command Injection(命令注入)-Impossible-安全的白名单
摘要: Impossible Level 查看源码 <?php if( isset( $_POST[ 'Submit' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_to 阅读全文
posted @ 2020-05-06 16:30 zhengna 阅读(864) 评论(0) 推荐(0)
DVWA-2.3 Command Injection(命令注入)-High-绕过强的黑名单
摘要: High Level 查看源码 <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = trim($_REQUEST[ 'ip' ]); // Set blacklist $substitutions = array( '&' 阅读全文
posted @ 2020-05-06 16:29 zhengna 阅读(930) 评论(0) 推荐(0)
DVWA-2.2 Command Injection(命令注入)-Medium-绕过弱的黑名单
摘要: Medium Level 查看源码 <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = $_REQUEST[ 'ip' ]; // Set blacklist 黑名单:删掉&&和; $substitutions = arr 阅读全文
posted @ 2020-05-06 16:28 zhengna 阅读(586) 评论(0) 推荐(0)
DVWA-2.1 Command Injection(命令注入)-Low
摘要: Low Level 查看源码 <?php if( isset( $_POST[ 'Submit' ] ) ) { // Get input $target = $_REQUEST[ 'ip' ]; // Determine OS and execute the ping command. if( s 阅读全文
posted @ 2020-05-06 16:17 zhengna 阅读(587) 评论(0) 推荐(0)
DVWA-1.4 Brute Force(暴力破解)-Impossible
摘要: Impossible Level 查看源码 <?php if( isset( $_POST[ 'Login' ] ) && isset ($_POST['username']) && isset ($_POST['password']) ) { // Check Anti-CSRF token 校验 阅读全文
posted @ 2020-05-06 16:06 zhengna 阅读(1275) 评论(0) 推荐(0)
DVWA-1.3 Brute Force(暴力破解)-High-绕过token
摘要: High Level 查看源码 <?php if( isset( $_GET[ 'Login' ] ) ) { // Check Anti-CSRF token checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 阅读全文
posted @ 2020-05-06 16:04 zhengna 阅读(2136) 评论(0) 推荐(1)
上一页 1 ··· 18 19 20 21 22 23 24 25 26 ··· 51 下一页