-
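Vulnerability testing platform: SQLi-labs
SQLi-labs is an open-source vulnerability testing platform built specifically for learning SQL injection. It is developed with PHP + MySQL, so all the SQL injection it covers uses MySQL syntax. The download address is https://github.com/Audi-1/sqli-labs; download and install it following the README, I won't go into detail here. Below is a detailed analysis of each challenge: 1. error based string sqli. First, the source code: $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";$result=mysql_qu...…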
-
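Learning security from scratch
Recently I applied to a bunch of security summer internships, and the result was either rejection or no reply at all; I did not get a single OA or phone interview, and I really can't muster any interest in looking for an SDE job. Then, looking back at the past year, I struggled to finish my courses at school and wrote some code in the lab, and I seem to have made no progress at all in security. I found that I can never stick with one thing for long, and I keep finding a pile of things for myself to do so that I look impressive, and in the end many of them are done badly. After thinking it over, I realized that I am simply too restless: I keep saying I'm interested in this or that, but it is all just bragging with a few buzzwords. If I had to explain how something works without relying on the internet, in Chinese, ten...…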
-
bug bounty note - UBER
free uber: POST /api/dial/v2/requests HTTP/1.1 Host: dial.uber.com {"start_latitude":12.925151699999999,"start_longitude":77.6657536,"product_id":"db6779d6-d8da-479f-8ac7-8068f4dade6f","payment_method_id":"xyz"} change payment_method_id reference url...…
-
some useful Linux command
find . -iwholename '*make*' -not -name CMakeLists.txt -delete This command is like a "cmake clean", but you should make sure there are no other files that contain make in their name.…
-
install eclipse on ubuntu 14.04
Before installing, you should update your JRE and JDK to 8: Final Update JDK sudo apt-get install openjdk-...…
-
ROS study note
You can choose any editor you like to implement your ROS project. There are some official IDE configurations for ROS: http://wiki.ros.org/IDEs I prefer using VIM. There is a VIM plugin named rosvim we can use. To install it: (I use spf13-vim so it u...…
-
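gdb command notes
When compiling: -g; start debugging: gdb [-tui] test; set a breakpoint: (gdb) break test.c:123 or (gdb) b main; run the program (arguments may follow): (gdb) run [arg1 arg2]; clear a breakpoint: (gdb) clear; trace the stack: (gdb) where; print a value: (gdb) print f.BlockType; print in hexadecimal: (gdb) print/x f.BlockType; single-step (without entering functions): (gdb) next or (gdb) n; single-step (into...…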
-
Summary of PHP weak typing vulnerabilities
First, a word on strong and weak typing. According to Wikipedia's definition: In computer programming, programming languages are often colloquially classified as strongly typed or weakly typed (loosely typed). These terms do not have a precise definition, but in general, a strongly typed language is mor...…
-
pwnable.kr-uaf
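Challenge description: Mommy, what is Use After Free bug? ssh [email protected] -p2222 (pw:guest) From the challenge description we know that this challenge tests the UAF (use after free) vulnerability. Briefly, UAF means that a memory address is not destroyed after it is freed; the next time space of a similar size is allocated for the same structure type, the earlier memory is reused, and if the second pointer can be controlled by the user, this results in a UAF vulnerability. Then some background knowledge (reposted from: http://blog.csdn.net/qq_20307...…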
-
pwnable.kr-cmd2
Challenge description: Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission… but I wanna play anytime I want! ssh [email protected] -p2222 (pw:flag of cmd1) The ssh login password for this challenge is the flag from cmd1. After logging in, look at the source code of cmd2.c:...…