
HW is around the corner. Can't you read the danger message?

2022-06-22 13:40:00 zkzq


Eight kinds of attack packets for recent mainstream vulnerabilities, collected from several threat-awareness platforms; even beginners can follow along.

Information disclosure

This is the most common case and also the hardest to catch, because the data may be reached without any attack traffic at all, especially through error pages or probe pages; a misconfiguration can expose a great deal.


Although it does little direct harm, an inconspicuous piece of information often becomes the breakthrough point.


Command execution class

Such attacks mostly contain commands such as echo, curl, wget, cd, ping, cat or ls, so they are still easy to recognize.

Executing commands through a GET parameter


Executing commands through a POST parameter


Executing commands through a request header


Besides ordinary system commands, there are specially constructed command-execution statements, for example this one that exploits a thinkphp vulnerability to execute commands.


Code execution class

The URL carries encoded data; once it is decoded, a quick Baidu search shows it to be attack code for the cve-2012-1823 vulnerability, for which exploits are publicly available online.


File read class

The file path is passed in a GET parameter.


SQL injection class

SQL statements in a GET parameter


SQL statements injected into a request header


File upload class

A test webshell disguised as a compressed archive


A one-line webshell disguised as an image


URL redirect class

Using @ in the URL to bypass domain-name or IP whitelist checks


XML external entity injection class

The attack payload is carried in the POST request body; an XXE vulnerability can also be used to read arbitrary files.

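To show how the classes above can be picked out of raw traffic, here is an added detection example (not code from the original post) that URL-decodes each part of a request and matches the indicators the post lists: command names in GET/POST/header, SQL keywords, path traversal, an @ in a redirect target, external entities in XML, and PHP code inside an upload that claims to be an image or archive. The regexes, hostnames and sample requests are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicator regexes for the attack classes in the post. They are illustrative
# assumptions, not a tuned ruleset: expect false positives on short words like "cd".
RULES = [
    ("command_execution", re.compile(r"(?:^|[;&|`\s=])(?:echo|curl|wget|cd|ping|cat|ls)(?:\s|$|[;&|`])")),
    ("sql_injection", re.compile(r"union\s+(?:all\s+)?select|'\s*or\s+\d+=\d+|sleep\(\d+\)|information_schema", re.I)),
    ("file_read", re.compile(r"(?:\.\./){2,}|/etc/passwd")),
    ("xxe", re.compile(r"<!ENTITY\s+\w+\s+SYSTEM", re.I)),
    ("url_redirect", re.compile(r"(?:redirect|url|next)=https?://[^/?#\s]*@", re.I)),
]
# An uploaded file whose name claims to be an image or archive but carries PHP code.
UPLOAD_NAME = re.compile(r'filename="[^"]*\.(?:jpe?g|png|gif|zip|rar)"', re.I)

def decode(text: str) -> str:
    """URL-decode until stable so double encoding cannot hide the payload."""
    prev = None
    while prev != text:
        prev, text = text, unquote_plus(text)
    return text

def classify(raw: str) -> list:
    """Return (attack_class, location) pairs found in one raw HTTP request."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    target = lines[0].split(" ")[1] if " " in lines[0] else ""
    # Look in the same places the post points at: the URL, each header, the body.
    parts = [("query", target), ("body", body)]
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            parts.append(("header:" + name.strip(), value))
    findings = []
    for location, text in parts:
        decoded = decode(text)
        findings += [(rule, location) for rule, pat in RULES if pat.search(decoded)]
        if location == "body" and UPLOAD_NAME.search(decoded) and "<?php" in decoded:
            findings.append(("webshell_upload", location))
    return findings

# Constructed sample requests, not captures from the post's screenshots.
SAMPLES = {
    "cmd_get": "GET /ping.php?ip=127.0.0.1;cat%20/etc/passwd HTTP/1.1\nHost: app.test\n\n",
    "sqli_header": "GET /item HTTP/1.1\nHost: app.test\nX-Forwarded-For: 1' UNION SELECT 1,2,3 -- \n\n",
    "xxe_post": 'POST /api HTTP/1.1\nHost: app.test\n\n<!DOCTYPE r [<!ENTITY x SYSTEM "file:///etc/passwd">]><r>&x;</r>',
    "redirect": "GET /login?redirect=http://app.test@attacker.invalid/ HTTP/1.1\nHost: app.test\n\n",
    "upload": 'POST /up HTTP/1.1\nHost: app.test\n\n--b\nContent-Disposition: form-data; name="f"; filename="a.jpg"\n\n<?php phpinfo(); ?>\n--b--',
    "benign": "GET /search?q=cats%20and%20dogs HTTP/1.1\nHost: app.test\n\n",
}
```

Call classify() on each SAMPLES entry; the benign search request returns an empty list, while the others report the class and the request part (query, header name, or body) where the indicator appeared.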


Copyright notice
This article was written by [zkzq]; please include the original link when reposting. Thank you.
https://yzsam.com/2022/173/202206221236539102.html