MySQL Injection Quick Reference

Jan 31,2015 in Web,安全研究 read (8080)

目标http://localhost/?id=2http://localhost/?id=2' 有回显错误Error-based injection猜解列数，因为在GET请求中，所以要用%23代替#http://localhost/sqli/Less-1/?id=2' UN...

继续阅读

Python dict pop method

Jan 30,2015 in Python,Code Review read (7514)

一直以为Python里面字典的pop只能有一个参数，今天写Flask的时候发现写注销操作的时候竟然有session.pop('logged_in', None)，这样的方式，如下。@app.route('/logout')def logout(): session.p...

继续阅读

Jan 29,2015 in Web,安全研究 read (9241)

原文地址：https://rateip.com/blog/sql-injections-in-mysql-limit-clause/Countless number of articles was written on the exploitation of SQL Inj...

继续阅读

Jan 08,2015 in Web,安全研究 read (4971)

原文地址：http://www.thespanner.co.uk/2015/01/07/bypassing-the-ie-xss-filter/POC：http://challenge.hackvertor.co.uk/xss2.php?x=<input type=h...

继续阅读