PHP deserialization & Construction of POP chain -- CTF pklovecloud in the fifth space of 2021

0x00 Preface There are many articles on online and PHP deserialization & pop chain construction. The author briefly explains its related knowledge here. Learning, expanding and reviewing relevant knowledge from a problem will get twice the result with half the effort. 0x01 serialization and deserialization To facilitate the storage and t ...

Posted on Mon, 20 Sep 2021 23:50:56 -0400 by jonners

Common global filtering methods in Java security code audit

summary There are three common global filtering methods in Spring: Filter, Conterceptor and Aspect. The execution order of the three is: Filter > conterceptor > aspect.Filter is executed before the request reaches the specific Controller, so it cannot obtain the data related to the Controller, and can only process the request and respon ...

Posted on Thu, 16 Sep 2021 17:22:25 -0400 by anthony522

Sensitive information collection

Sensitive information collection Sensitive information related documents robots.txt index.php~ .index.php.swp index.php.swp index.php.bak .index.php~ index.php.bak_Edietplus index.php.~ index.php.~1~ index.php index.php~ index.php.rar index.php.zip index.php.7z index.php.tar.gz www.zip www.rar www.zip www.7z www.tar.gz www.tar web.zip web.rar ...

Posted on Fri, 10 Sep 2021 04:31:54 -0400 by pozer69