Code Vulnerability Scanning Common Vulnerabilities
1. Log Injection (Log Forging Vulnerability)
Vulnerability Description Writing unauthenticated user input to a log file can cause an attacker to forge log entries or inject malicious information into the log. A bug in log forgery occurs when:
Data enters the application from an untrusted ...
Posted on Sun, 05 Dec 2021 14:57:20 -0500 by AaZmaN
General type: the vulnerability corresponding to the third-party software, application and system. Each user using the software or application system has this vulnerability. If a vulnerability is found, it can block n more than one website
Event type: non general vulnerability, which mainly refers to the specific vulnerability of ...
Posted on Sun, 05 Dec 2021 04:21:11 -0500 by TangoGirl
backgroundRecently, the project has been launched, and Party A requires to pass the safety inspection before acceptance. Therefore, a series of safety reinforcement has been carried out for the system according to the scanning results. This paper introduces some common safety problems and protection strategies, and provides corresponding soluti ...
Posted on Sat, 04 Dec 2021 19:14:29 -0500 by tomdude48
Cryptography is a technical science that studies the compilation and deciphering of passwordsThe technical and scientific science of keeping information confidential is called cryptocodingCryptography is the science and technology for deciphering cryptography
Basic Model of Information Security
Basic cryptographic ...
Posted on Sat, 04 Dec 2021 14:11:13 -0500 by mhewall
DOS command, a computer term, refers to the command of DOS operating system, which is a disk oriented operation command.
1DOS command classification
DOS commands provided for users can be divided into three categories:
1.1 internal commands
It is a part of the resident memory in DOS command. It is loaded into memory by the ...
Posted on Tue, 30 Nov 2021 22:53:46 -0500 by tukon
What is CGI
CGI Full name"Universal Gateway Interface"(Common Gateway Interface)，be used for HTTP A tool by which a server communicates with program services on other machines, CGI The program must run on the network server.
tradition CGI The main disadvantage of the interface mode is poor performance because each time ...
Posted on Tue, 30 Nov 2021 09:02:40 -0500 by David-fethiye
Blind injection of sql injection
Blind injection principle
Boolean blind note
Time blind injection
sqlmap blind injection
1, Blind injection principle
1. Blind injection application scenario
Blind injection is often used where there is no detailed echo when interacting with the database; Boolean blind injection is inj ...
Posted on Sun, 28 Nov 2021 06:39:38 -0500 by MrRosary
Many injections have no echo, which may be caused by the problem of SQL query method. At this time, we need to use relevant error reporting or blind injection for subsequent operations.
sql statement addition, deletion, modification and query: For example, insert statement injection can be used to inject into the database during user reg ...
Posted on Tue, 09 Nov 2021 20:19:00 -0500 by MikeX
WAF bypass - SQL injection
Conduct operations on data, such as case, encryption and decryption, encoding and decoding, so as to make the interception invalid For example, take sqlilabs-less-2 as an example (assuming that the security dog has been set to prohibit querying the database): At this point, when you enter the following statement ...
Posted on Tue, 09 Nov 2021 18:16:00 -0500 by Bryan Ando
Reference link: spring security - Basic Introduction (I): https://blog.csdn.net/qq_22172133/article/details/86503223 Take you to Spring Security!: https://www.cnblogs.com/lenve/p/11242055.html
The core functions of spring security mainly include:
Certification (who are you)
Authorization (what can you do)
Attack protection (ag ...
Posted on Fri, 05 Nov 2021 01:21:58 -0400 by darga333