XXE与Portswigger Web Sec ​ 相关链接: ​ 博客园 ​ 安全脉搏 ​ FreeBuf 简介XML XML,可扩展标记语言,标准通用标记语言的子集.XML的简单易于在任何应用程序中读/写数据,这使XML很快成为数据交换的唯一公共语言. XML被设计为传输和存储数据,XML文档结构包括XML声明.DTD文档类型定义(可选).文档元素,其焦点是数据的内容,其把数据从HTML分离,是独立于软件和硬件的信息传输工具.XXE漏洞全称XML External Entity Inject

Portswigger web security academy:WebSockets 目录 Portswigger web security academy:WebSockets Lab: Manipulating WebSocket messages to exploit vulnerabilities Lab: Manipulating the WebSocket handshake to exploit vulnerabilities Lab: Cross-site WebSocket

Portswigger web security academy:Clickjacking (UI redressing) 目录 Portswigger web security academy:Clickjacking (UI redressing) 1 - Basic clickjacking with CSRF token protection 2 - Clickjacking with form input data prefilled from a URL parameter 3 -

Portswigger web security academy:Cross-origin resource sharing (CORS) 目录 Portswigger web security academy:Cross-origin resource sharing (CORS) 1 - CORS vulnerability with basic origin reflection 2 - CORS vulnerability with trusted null origin 3 - COR

Portswigger web security academy:XML external entity (XXE) injection 目录 Portswigger web security academy:XML external entity (XXE) injection 1 - Exploiting XXE using external entities to retrieve files 2 - Exploiting XXE to perform SSRF attacks 3 - B

Portswigger web security academy:Cross-site request forgery (CSRF) 目录 Portswigger web security academy:Cross-site request forgery (CSRF) 1 - CSRF vulnerability with no defenses 2 -CSRF where token validation depends on request method 3 - CSRF where t

Portswigger web security academy:OAth authentication vulnerable 目录 Portswigger web security academy:OAth authentication vulnerable Authentication bypass via OAuth implicit flow Forced OAuth profile linking OAuth account hijacking via redirect_uri Ste

Portswigger web security academy:Server-side request forgery (SSRF) 目录 Portswigger web security academy:Server-side request forgery (SSRF) Basic SSRF against the local server Basic SSRF against another back-end system SSRF with blacklist-based input

Portswigger web security academy:OS command injection 目录 Portswigger web security academy:OS command injection OS command injection, simple case Blind OS command injection with time delays Blind OS command injection with out put redirection Blind OS

Portswigger web security academy:SQL injection 目录 Portswigger web security academy:SQL injection SQL injection vulnerability in WHERE clause allowing retrieval of hidden data SQL injection vulnerability allowing login bypass SQL injection UNION attac

Portswigger web security academy:Server-side template injection(SSTI) 目录 Portswigger web security academy:Server-side template injection(SSTI) Basic server-side template injection Basic server-side template injection (code context) Server-side templa

Portswigger web security academy:Stored XSS 目录 Portswigger web security academy:Stored XSS Stored XSS into HTML context with nothing encoded Stored XSS into anchor href attribute with double quotes HTML-encoded Stored DOM XSS Stored XSS into onclick

Portswigger web security academy:Reflected XSS 目录 Portswigger web security academy:Reflected XSS Reflected XSS into HTML context with nothing encoded Reflected XSS into HTML context with most tags and attributes blocked Reflected XSS into HTML contex

Portswigger web security academy:DOM Based XSS 目录 Portswigger web security academy:DOM Based XSS DOM XSS in document.write sink using source location.search DOM XSS in document.write sink using source location.search inside a select element DOM XSS i

HTTP request smuggling 目录 HTTP request smuggling HTTP request smuggling, basic CL.TE vulnerability HTTP request smuggling, basic TE.CL vulnerability HTTP request smuggling, obfuscating the TE header HTTP request smuggling, confirming a CL.TE vulnerab

Insecure deserialization [toc] Modifying serialized objects 题目描述 此lab使用了 基于序列化的session机制 可以借此进行权限提升 要求 获取管理员权限 删除carlos的账号 解题过程 登录后抓包发现session使用的base64编码(本身进行了两次url编码) GET /my-account HTTP/1.1 Host: aca21f331f8595648000177b00a00042.web-security-acade

DOM-based vulnerabilities 目录 DOM-based vulnerabilities 1 - DOM XSS using web messages 2 - DOM XSS using web messages and a JavaScript URL 3 - DOM XSS using web messages and JSON.parse 4 - DOM-based open redirection 5 - DOM-based cookie manipulation 6

1. Web测试中关于登录的测试 2. 搜索功能测试用例设计 3. 翻页功能测试用例 4. 输入框的测试 5. Web测试的常用的检查点 6. 用户及权限管理功能常规测试方法 7. Web测试之兼容性测试 8. Web测试-sql注入 9. Web测试中书写用例时要考虑的检查点 10. 手机电子邮件测试用例 11. 记事本与日历的测试用例 12. Web测试总结 13. 让web站点崩溃最常见的七大原因 14. Web应用程序是否存在跨站点脚本漏洞 15. Web测试总结(全) 16. 理解we

以Chrome为例,配置HTTPS抓包方法 1.获取破解版的burp,将BurpLoader.jar和burpsuite_pro_v1.5.18.jar放到一个路径下 2.在cmd里进入上述两个jar包所在目录,运行java -jar BurpLoader.jar,启动burp 3.访问http://localhost:8080/ 如下: **burp占用默认端口号为8080** 4.点击CA Certificate下载证书到本地 **证书内包含机器本身信息,故不可机器间通用** 5.进入Chr

1.所需条件 · 手机已经获取root权限 · 手机已经成功安装xposed框架 · 电脑一台 2.详细步骤 2.1 在手机上面安装xposed JustTrustMe JustTrustMe是一个去掉https证书校验的xposed hook插件,去掉之后就可以抓取做了证书校验的app的数据包.JustTrustMe在github的地址位: https://github.com/Fuzion24/JustTrustMe 安装好模块之后勾选JustTrustMe模块,然后重启手机 2.2 配置b