Further penetration testing of the strong intelligence system (result: failed) - Code World

Further penetration testing of the strong intelligence system (result: failed)

Others 2020-09-21 17:29:12 views: null

Because I have always wanted to infiltrate this site, and then go to edusrc to submit to obtain the certificate.
Insert picture description here
After the last analysis of the blasting vulnerability, I found that the decryption failed, but the method to solve the verification code was solved.
Then as I learnt, I discovered many new methods, such as ultra vires, xss
regarding ultra vires, the test here has failed, and if both horizontally and vertically failed
xss, I
tested it and found that it does exist, but it is only reflective xss (Because the message board inside seems to exist, but in fact it will not be recorded. It is not visible on other people's pages. I don't know the use of this tasteless function.) Insert picture description here
And there is a problem That is
, when I read the cookie, I find that httponly

is here for the time being and I can’t think of any way to bypass httponly

Temporarily over, wait for more learning later to continue testing, penetration

Guess you like

Origin blog.csdn.net/qq_33942040/article/details/107450609

Further penetration testing of the strong intelligence system (result: failed)

Ten Penetration Testing Security Testing and Training System

Penetration Testing artifact -pentestbox the windows system

Remote system command execution for penetration testing

Penetration Testing

Penetration testing

【Penetration Testing】Penetration Testing Summary

[Network Security Knowledge System] Extranet Penetration Testing | 14 Small Experiments

2024 Cybersecurity Competition--System Penetration Testing (Super Detailed)

WEB testing, penetration testing

Analysis Ideas of the Java Simulated Log-in and Strong Intelligence Educational Administration System

Penetration Testing Intranet Penetration (2): Intranet Penetration

【Penetration Testing】—10 Websites for Learning Penetration Testing

A failed colored APP penetration

A failed domain penetration in the intranet

Strong social interaction can further strengthen user intimacy

Contemplation of nature and penetration testing

The basic tool of penetration testing

Penetration Testing Type

Penetration testing standard PTES

Penetration Testing the vulnerability scanning

Penetration testing foundation

Penetration Testing Engineer

python penetration testing tools

Eric drone penetration testing

Penetration Testing: HTB of OpenAdmin

Penetration Testing main flow

Penetration Testing Summary

A complete penetration testing laboratory

kubernetes cluster Penetration Testing

Recommended

Ranking

ElasticSearch-- data modeling best practices

Permission Maintenance - Shadow User Backdoor

Refactor the code using MVP mode

Quantitative investment-fundamental model-PVC multi-factor model

Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators

Blazor page components (2)

Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze

About Qi high in JAVA study notes SORM summary detailed personal explanation

Will you calculate the accuracy of the rope displacement sensor in the measurement?

OPENJTAG debugging learning (3): debugging using the gdb command line

Daily

More

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)