Introduction
簡單記錄一下之前在開發某個產品時踩到的雷,不過因為之後打算修正這個問題再發 PR,所以這邊就先用中文筆記一下問題,之前弄好的話再用英文寫一篇詳細的。
而這個雷就如同標題所述,是個 HTTP 這個 Facade 中的 mock function 的問題,會導致 mock 失效,害我當初卡超久 (;´д `)ゞ
AIS3 課程中所發現的 Zeroday RCE 問題
AIS3 Pre-Exam 2022 Web Write Up
Introduction
This article is the write up of 2022 AIS3 pre-exam. AIS3 is a security course held in Taiwan, and pre-exam is something like qualification test. This is my first time participate AIS3. Fortunately I passed the pre-exam, so maybe I will share some note or something after the course end(?).
And I could only solve web question, so that’s it :( Let’s start.
Port Swigger Web Security Academy Sql Injection 2 - UNION Attacks
Introduction
This article is the sequel of Port Swigger Web Security Academy, you can find previous article here.
And this time we will take a deep look about UNION attacks, let’s start.
When we could get responses of query, UNION can be used to retrieve more data from other tables. For example:
1 | SELECT a, b FROM table1 UNION SELECT c, d FROM table2 |
Laravel Zipstream Filename Sanitization
Introduction
When I develop one of my cases, there is a requirement to generate a zip file. So I find a package laravel-zipstream to do it.
Port Swigger Web Security Academy Sql Injection
Introduction
This article is the note of PortSwigger Web Security Academy’s SQL Injection. I will take note of it and write some my opinion.
EOS Jungle2.0 Testnet With Scatter Desktop
此篇旨在紀錄筆者透過 Scatter 桌面版使用 Jungle2.0 Testnet 的過程及教學
