Page 31-Safety Programming Tutorials: Learn Safety Online-php.cn

Article Tags

Safety

Home

Technical articles

Operation and Maintenance

Safety

How to implement manual SQL injection

SQL injection is one of the common methods used by *** to attack the database. Its core idea is: *** constructs a database query code after the normal URL that needs to call the database data, and then based on the returned results, obtain Some data you want. Next, we will perform SQL injection on the *** platform that has been built before. The ultimate goal is to obtain the administrator account and password of the website. Target server IP address: 192.168.80.129, *** host IP address: 192.168.80.128. (1) Find the injection point, open a web page at random, and pay attention to the URL. The injection point must be something like "http://192.168.80.129/shownews

May 20, 2023 pm 07:13 PM

SQL

How to deploy Django

PART1. Safety First The best time to fix vulnerabilities is during development. 1.1CSRFTOKENCSRFTOKEN is a very important security measure in the Django security system. However, in many cases, some students who have just come into contact with Django will find that the form they finally wrote will report an error during POST. After some searches, they find that it is a CSRFTOKEN problem, and then follow the online method to divide the settings by three and five. All CSRFTOKEN configurations in .py were removed and the code ran normally. Familiar people don’t know that this kind of operation will greatly affect the security of the website and increase the cost of patching vulnerabilities in the later stage; eliminating security problems in the development stage is the cost

May 20, 2023 pm 05:26 PM

django

How to write a database mining script

01.Code1#! The first line of the/bin/sh script looks like a line of comments, but it is not. It specifies which SHELL will be used to execute the next script. The bash, zsh, etc. we usually use are a superset of sh. This script uses sh as the execution shell, which has better portability. 02.Code2setenforce02>dev/nullechoSELINUX=disabled>/etc/sysconfig/selinux2>/dev/nullsetenforce is the Linux selinux firewall configuration command, execute sete

May 20, 2023 pm 05:02 PM

数据库

What is the reverse analysis and protection mechanism of Android APP?

Want to know the common protection methods for Android Apps and their corresponding reverse analysis methods? Android APP security includes a lot of content. This time we share obfuscated code, overall Dex reinforcement, split Dex reinforcement, virtual machine reinforcement, etc. In fact, these contents are also a major trend in Android App security protection in China in recent years. 1. Obfuscated code Java code is very easy to decompile. As a cross-platform, interpreted language, Java source code is compiled into intermediate "bytecode" and stored in class files. Due to cross-platform requirements, these bytecodes carry a lot of semantic information and can be easily decompiled into Java source code. In order to protect Java source code well, developers often compile

May 20, 2023 pm 04:20 PM

App

How to implement virtual machine NAT mode to access the Internet

When using a vmware virtual machine to learn Linux, the common problem encountered is that the host machine cannot communicate normally and the virtual machine cannot access the Internet normally. Here is a detailed configuration for easy reference later. After installing the vmware software, you must have the NAT mode to use Virtual network card VMnet8, here we take win10 as an example to return to the virtual machine settings: To use NAT mode, the vmnet8 network card here must be connected and used. Both gray ticks must be checked. Here you only need to confirm whether NAT mode is enabled. Then the network configuration of Linux is as follows: [root@zabbix~]#cat/etc/sysconfig/network-scripts/ifcf

May 20, 2023 pm 03:22 PM

虚拟机nat

How to Conduct Authorized APK Penetration Testing

As a penetration testing novice, the purpose of this article is to provide some testing ideas for those novices like me. The content involved may be relatively basic, cousins, please forgive me. After unpacking the APK and getting the apk, use 7-Zip to unzip it directly to get several folders, an AndroidManifest.xml file, and a dex file. Use dex2jar https://sourceforge.net/projects/dex2jar/ to decompress this dex file to generate a jar file, and then use jd-gui to view the java source code. Of course, you can find loopholes in the code from the source code, but there is usually confusion, so we won’t discuss it in depth here.

May 20, 2023 pm 12:29 PM

apk

What are the classifications of IP addresses?

Introduction to IP addresses: Any device that can access the Internet must have an IP address; and each IP address is equivalent to everyone must have a name; common IP addresses look like, such as the default of TP-Link wireless routing Address: 192.168.1.1 Configure the IP address of your own network card: 192.168.1.2255.255.255.0 Note: The IP address must appear in pairs with the subnet mask, otherwise it is meaningless; check the IP address configuration of your own network card: 1. Graphically Interface (click through the mouse) - that is, win system 2. Through the command line #Open the run, enter cmd, call the "command line window"; #Enter the command: ipconfig//display network

May 20, 2023 am 11:34 AM

ip地址

Clear Windows computer traces

(1) Clear recently opened files in File Explorer, click the small arrow in the upper right corner, click the View menu, and select Clear under General (2) Disk wipe using the system's own tool cipher. How to use: Open cipher w/:C from the command line, where c For disk, it can be changed to D or E

May 20, 2023 am 10:40 AM

Windows

Example analysis of remote code execution vulnerability in vBulletin5.x version

1. Vulnerability introduction: There is a file inclusion issue in vBulletin, which allows malicious visitors to include files from the vBulletin server and execute arbitrary PHP code. An unverified malicious visitor can trigger the file inclusion vulnerability by issuing a GET request containing the routestring= parameter to index.php, eventually leading to a remote code execution vulnerability. 2. Vulnerability principle The index.php page sends a GET request to use the routestring parameter include When working with local files, functional functions are called layer by layer to filter the value of routestring. Let’s look at the main processing code. The code is located in /includes/vb5/frontend

May 19, 2023 pm 11:46 PM

vBulletin5

What is the webshell analysis of obfuscated deformation?

What is WebShell? In the beginning, Webshell was often used as the abbreviation of a type of script used by Web server administrators to remotely manage the server. Later, with the birth of some Webshell management tools, the process of obtaining Web permissions was greatly simplified, so it was gradually called a Web intrusion tool script. Webshell is different from vulnerabilities, but uses application vulnerabilities or server vulnerabilities (file upload vulnerabilities, file inclusion vulnerabilities, etc.) to upload script files to the server for subsequent exploitation. It belongs to the subsequent exploitation of penetration testing and the TA0002Execution (execution) stage of ATT&CK. Figure 1TA0002 reference source: https

May 19, 2023 pm 11:07 PM

webshell

How to analyze the EIGRP protocol

1. Brief description of EIGRP protocol EIGRP (Enhanced Inerior Gateway Routing Protocol) is a balanced hybrid routing protocol that combines the advantages of distance vector and link state routing protocols. It is also a CISCO proprietary protocol. EIGRP is an efficient routing protocol. Its characteristics are: establishing and maintaining neighbor relationships by sending and receiving Hello packets, and exchanging routing information; using multicast (224.0.0.10) or unicast for routing updates; EIGRP management Distances are 90 and 170; use triggered updates to reduce bandwidth usage; support variable length subnet mask (VLSM), automatically enabled by default

May 19, 2023 pm 09:57 PM

eigrp

How to write Android login interface

0x01Android Programming---The login interface explains that this must be learned when learning programming. This time we will not operate the database. There is no registration interface, just a simple login interface. The demo is still modified as before. Well, I know how to do it anyway, so I’m going to be lazy. 1. Change the layout first of all a user name frame. Then a login password box. Then there is a login button to preview our interface. We make a simple adjustment. The overall code is as follows: 2. Bind the control. Well, in order to resemble a login interface, I also changed the name. So rebind. 3. Logically write login.setOnClickListener(newView.OnClickLis

May 19, 2023 pm 09:52 PM

Android

How to implement empty array in Javascript

Empty Array If you want to clear an array, just set the length of the array to 0. Well, this is a bit simple. varplants=['Saturn','Earth','Uranus','Mercury','Venus','Earth','Mars','Jupiter'];plants

May 19, 2023 pm 08:12 PM

JavaScript

How to briefly discuss the security issues of APP

1 Background Analysis When the Internet era came, people once lamented that everything was being digitized. Today, everything is mobile. In the streets and alleys, people were busy swiping their screens with their heads down. According to statistics from foreign authoritative organizations, Chinese smartphones have accounted for 96% of total mobile phone sales. The ancient feature phones have basically withdrawn from the stage of history. According to a recent report by eMarketer, an American market research company, data from Gartner, an authoritative market research organization, shows that in China, smartphones account for 96% of mobile phone sales, while the United States also accounts for 96%. In other words, at the hardware level of mobile Internet, China and the United States are already on the same level. The popularity of smart phones has promoted the rapid development of mobile apps. Currently, mobile apps can involve

May 19, 2023 pm 07:52 PM

App