当前位置:网站首页>SRC mining ideas and methods
SRC mining ideas and methods
2022-07-06 13:48:00 【One call yyds】
Recently, I found that many small partners who have just come into contact with infiltration do not know the secret of actually digging holes , So I'm going to write some tips for digging holes by myself .
src It is recommended that novices dig holes in the preferred vulnerability box , Because the vulnerability box has a wide range , All domestic sites receive . Compared with other src platform , Mining is very suitable for novices .
Vulnerability mining , Information gathering is important .
Here we will explain with some actual combat .
First of all, let's talk about Google grammar !!!
The following can be done by fofa、 Zhong Kui's eyes 、shodan Wait for cyberspace search engines to search Google Mirror image .
# SQL Injection and hole digging are basically smooth
1. Look for loopholes , Through basic site:、inurl: Google Syntax .
2. Find a site , Various points , Find his injection point .
3. Injection point not found , information gathering .
4. Then there are some column operations .
open Google Mirror image , Enter our Google syntax site:.com company .
In this way, you will get the domain name with .com Is the suffix related company name , The meaning of adding a company after it is to specify the company name for screening .
Google Syntax , Search through Google browser :site:.com inurl:php?id=22 company
And here we add php?id=22, Because the core of our injection point is to transmit parameters , Therefore, it will be easier to find loopholes by searching for participants .
Now we find a website to test .
First we enter single quotation marks : ' , Look, the page has changed .
This means that the single quotation mark we entered is executed , There was a misreport . There is a great possibility that SQL Inject .
Further use ,and 1=1 && and 1=2, Verify whether the vulnerability exists .
there and 1=1, The page is normal , But in and 1=2 When , The page is echoed normally , Further verify .
We continue to use SQL Statement function , Come to the conclusion , We were blocked by the website firewall .
Did not bypass the website firewall , Try the inline annotation method casually here , Execution succeeded . It's too cumbersome to bypass the firewall , I'll do more , For starters , If you encounter a firewall, you can retreat directly .
Find a station below , Enter single quotes ', Page exception , We look for input and 1=1 | 1=2, Find out 1=2 abnormal .
It indicates that the function we input is executed by the database , There is SQL Inject .
The vulnerability has been tested , Next, let's see if we can verify the vulnerability . On SQL sentence , We use order by 11 | order by 12.
order by 11 The page is normal , and order by 12 Page exception ( That there is 11 A field ).
Then we use SQL sentence , It is found that there is a Boolean blind note , Boolean blind note query data is cumbersome , Just throw it here SQLmap ran .
sqlmap command :Python sqlmap.py -u The goal is URL --dbs( Specify the name of the target database ), Finally, the library name is successfully obtained .
Digging a hole is so easy ,SQL There are still a lot of injections , encounter waf, Those who have ideas can try to bypass .
XSS Loophole
Generally, check whether there is a message board through the searched site , Try blind typing XSS, Generally one XSS Medium risk , Build... Directly xss sentence :<script>alert(1)</script>, Just insert it directly in the box , Pop up and submit directly src The platform is ok .
XSS General message board !!!
Weak password vulnerability mining
Weak password Google syntax :inurl:admin/login.php company .
In this way, you can search the backstage of many companies .
Entering the background, you can use tools to blast weak passwords in batches , Such as admin/111111 etc. , You can also view js Code to check whether there is an account password .
You can use or build your own weak password blasting tool , There are many such tools , I won't elaborate more .
Some verification codes are arranged , There is also a verification code that will not change if you catch the package .
These are all excavations src Compare the recommended vulnerabilities , I wish you all to be on the list as soon as possible !!!
边栏推荐
- 5月27日杂谈
- Have you encountered ABA problems? Let's talk about the following in detail, how to avoid ABA problems
- 【九阳神功】2019复旦大学应用统计真题+解析
- C语言实现扫雷游戏(完整版)
- The latest tank battle 2022 full development notes-1
- 【黑马早报】上海市监局回应钟薛高烧不化;麦趣尔承认两批次纯牛奶不合格;微信内测一个手机可注册俩号;度小满回应存款变理财产品...
- C language Getting Started Guide
- Programme de jeu de cartes - confrontation homme - machine
- [modern Chinese history] Chapter 9 test
- 4.分支语句和循环语句
猜你喜欢
随机推荐
4. Branch statements and loop statements
【九阳神功】2022复旦大学应用统计真题+解析
扑克牌游戏程序——人机对抗
[面试时]——我如何讲清楚TCP实现可靠传输的机制
SRC挖掘思路及方法
[the Nine Yang Manual] 2022 Fudan University Applied Statistics real problem + analysis
C language Getting Started Guide
[the Nine Yang Manual] 2016 Fudan University Applied Statistics real problem + analysis
[中国近代史] 第五章测验
(原创)制作一个采用 LCD1602 显示的电子钟,在 LCD 上显示当前的时间。显示格式为“时时:分分:秒秒”。设有 4 个功能键k1~k4,功能如下:(1)k1——进入时间修改。
仿牛客技术博客项目常见问题及解答(三)
【九阳神功】2019复旦大学应用统计真题+解析
2.C语言初阶练习题(2)
强化学习系列(一):基本原理和概念
Relationship between hashcode() and equals()
[modern Chinese history] Chapter V test
实验九 输入输出流(节选)
Inaki Ading
The latest tank battle 2022 - full development notes-3
Zatan 0516