Vulnerability discovery: probing, exploiting and fixing vulnerabilities by web application type
2022-07-06 04:28:00 【Dark white earphone】
Judging the site type
Known CMS
Common examples are dedecms, discuz, wordpress and so on. These are generally not built on a development framework, although a few are. For this kind of source program, security testing first tries the publicly disclosed vulnerabilities for that CMS; if none apply, fall back to white-box code audit and dig for vulnerabilities yourself.
Development framework
Common examples are thinkphp, spring, flask and so on. The normal security-testing approach for this kind of program: first obtain the development framework information (name and version), then test for the publicly exposed security issues of that framework; if none exist, switch to the white-box code audit plan and dig yourself.
Unknown CMS
For example, the in-house program source of a company or an individual, or a source structure that is a secondary development of some CMS. Testing approach for this kind of program: if it can be identified as a secondary development, follow the known-CMS line of thought; if secondary development cannot be determined, probe with a conventional comprehensive scanning tool or script, or probe manually (function points, parameters, blind guessing). Likewise, when the source code is available, you can conduct a code audit and mine for vulnerabilities yourself.
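As an added example that is not part of the original post: a small Python helper that applies the site-judgment triage above (known CMS / development framework / unknown) to one HTTP response and reports the next step the post prescribes. The marker patterns and the sample responses are constructed assumptions for illustration; an inventory of your own sites would use a maintained signature set.

```python
import re

# Constructed marker table (an assumption for illustration, not a maintained
# signature database): pattern -> (category, product name).
MARKERS = [
    (r"/wp-content/|/wp-includes/", "known_cms", "wordpress"),
    (r'content="Discuz!', "known_cms", "discuz"),
    (r"/templets/default/|DedeCms", "known_cms", "dedecms"),
    (r"X-Powered-By:\s*ThinkPHP|ThinkPHP\s*V?\d", "framework", "thinkphp"),
    (r"Whitelabel Error Page", "framework", "spring"),      # Spring Boot default error page
    (r"Server:\s*Werkzeug", "framework", "flask"),          # Flask's development server
]
# What the post says to do next for each category.
NEXT_STEP = {
    "known_cms": "test public vulnerabilities for this CMS, else white-box code audit",
    "framework": "confirm name and version, test exposed framework issues, else white-box audit",
    "unknown": "comprehensive scan or manual probing of function points and parameters; audit if source is available",
}

def _version(name, haystack):
    # Version from a generator meta tag (WordPress, Discuz, DedeCms) or a
    # "ThinkPHP V5.0.x"-style banner; None when nothing is exposed.
    m = re.search(r'generator"\s+content="[^"]*?(\d+(?:\.\d+)+)', haystack, re.IGNORECASE)
    if not m:
        m = re.search(re.escape(name) + r"\s*V?(\d+(?:\.\d+)+)", haystack, re.IGNORECASE)
    return m.group(1) if m else None

def fingerprint(headers, body):
    """Classify one HTTP response as known CMS, development framework or unknown."""
    haystack = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + body
    for pattern, category, name in MARKERS:
        if re.search(pattern, haystack, re.IGNORECASE):
            return {"category": category, "name": name,
                    "version": _version(name, haystack), "next_step": NEXT_STEP[category]}
    return {"category": "unknown", "name": None, "version": None, "next_step": NEXT_STEP["unknown"]}

# Constructed sample responses (not captured from any real site).
SAMPLE_WORDPRESS = ({"Server": "nginx"},
    '<html><head><meta name="generator" content="WordPress 6.2.1" />'
    '<link rel="stylesheet" href="/wp-content/themes/x/style.css"></head></html>')
SAMPLE_THINKPHP = ({"Server": "Apache", "X-Powered-By": "ThinkPHP"},
    "<html><body><h1>:(</h1><p>ThinkPHP V5.0.24 { Fast & Simple OOP PHP Framework }</p></body></html>")
SAMPLE_UNKNOWN = ({"Server": "nginx"}, "<html><body>Internal portal</body></html>")

if __name__ == "__main__":
    for sample in (SAMPLE_WORDPRESS, SAMPLE_THINKPHP, SAMPLE_UNKNOWN):
        print(fingerprint(*sample))
```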
Demo cases
Development-framework source code penetration test report: information gathering - thinkphp, spring
Known CMS, non-framework penetration test report: tool scripts - wordpress
Known CMS, non-framework penetration test report: code audit - qqyewu_php
Unknown CMS, non-framework penetration test report: manual - You and I love wg Oh ~
CVE-2018-1273: demonstrating command execution (known framework: spring)
Look it up on vulhub.
Capture the registration page request, modify the payload according to the corresponding poc and submit it; the succes folder is then successfully created in the tmp directory on the target server.
Known CMS: wordpress
(Because the site is known to be wordpress, the tool wpscan is used here for testing.)
The cms can be identified by various methods.
Start wpscan in kali directly and scan the target.
The new version of wpscan requires you to apply for an account on the official website and obtain the account's api-token; only after it is copied into the tool can it be used normally.
https://wpscan.com/register
Add the api-token parameter and test again.
The red exclamation marks are the vulnerabilities found by the scan; these can then be exploited (tested with tools such as sqlmap).
Known CMS, non-framework class: code audit - qqyewu_php
1. Identify the website cms
2. Look for vulnerabilities matching the cms and check when the cms was last updated
3. Look for the admin backend and test for weak passwords
4. Scan ports to collect information
5. Look for website backup files