upload-labs problem solving report- 01

Enterprise 2023-08-12 23:01:36 views: null

fix

Not using JavaScript as a validation tool

Vulnerability analysis

This question is about whitelist detection. It is necessary to analyze whether it is a front-end inspection or a back-end inspection.
As shown in the figure: It can be found that no data is sent during detection, and it can be judged that this is a front-end detection.
Then check the source code of the page
and you can see that it is based on js verification, so you can try to disable JavaScript.
Of course, you can also try to let him pass the verification first, and then modify it at the transport layer

problem solving ideas

Idea 1 - camouflage suffix

The data intercepted by burp is like this, indicating that it recognizes the file extension and does not detect the file content.
accomplish

Practical

Idea 2 Disable JavaScript

JavaScript is executed locally, not in the cloud. It is executed by the JavaScript engine of the local browser.

Guess you like

Origin blog.csdn.net/qq_40790680/article/details/128971511

upload-labs problem solving report- 01

upload-labs problem solving report- 05

upload-labs problem solving report - 06&07

upload-labs problem solving

upload-labs problem solving report- 05

upload-labs problem solving report- 05

[Network security] upload-labs Pass-17 problem solving detailed analysis

[Network security] upload-labs Pass-13 detailed analysis of problem solving

[Network Security] Upload-labs Pass-12 Detailed Analysis of Problem Solving

[Network Security] Upload-labs Pass-06 Detailed Analysis of Problem Solving

[Network Security] Upload-labs Pass-05 Detailed Analysis of Problem Solving

[Network Security] upload-labs Pass-04 Detailed Analysis of Problem Solving

[Network Security] Upload-labs Pass-03 Detailed Analysis of Problem Solving

[Network security] upload-labs Pass-15 detailed analysis of problem solving

[Network Security] Upload-labs Pass-14 Detailed Analysis of Problem Solving

[Network Security] Upload-labs Pass-21 Detailed Analysis of Problem Solving

[Network Security] Upload-labs Pass-20 Detailed Analysis of Problem Solving

Bone Collector HDU-2602 (01 backpack problem solving report)

Report problem-solving

Reconstruction "problem-solving Report"

Report problem solving - Find substring

Report problem solving - binary search

Programming packing problem solving report

Report problem solving - Number Encryption

Report problem solving - find substring

2020.3.24 Report problem-solving

Clan Guard Problem Solving Report

218. The Skyline Problem solving Report

[Problem-solving report] 11689 - Soda Surpler

BZOJ 4238 voltage problem-solving report

Recommended

Ranking

#2019110700005

What materials and procedures are required for patent transfer

What is the blockchain Ethereum triplet state root transaction root receipt root

Front-end study notes 04 --- About the insertion of html pictures and videos

Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries

2017 Qingdao-site tournament I The Squared Mosquito Coil

[BZOJ3165][HEOI2013]Segment (line segment tree without marking)

Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju

The latest tutorial on making framework for iOS

DAX Section 6: Statistical Functions

Daily

More

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)