Introduction
這篇文章是為了記錄一下 AIS3 期間的學習歷程,至於這篇由於偏筆記,而且沒什麼特別的成果,所以就用中文稍微紀錄一下而已😂。
此篇由來是今年七月底剛參加完了 AIS3,而今年的 AIS3 在結束的時候需要專題發表,而我的組別是網頁安全,所以就想來做個白箱安全的議題,嘗試在 GitHub 中開源且接受安全漏洞回報的 repo 上挖洞,雖然我個人覺得成果蠻差的 QQ,不過至少還是紀錄一下。
AIS3 Pre-Exam 2022 Web Write-Up
Introduction
This article is the write-up of 2022 AIS3 pre-exam. AIS3 is a security course held in Taiwan, and pre-exam is something like qualification test. This is my first time participate AIS3. Fortunately I passed the pre-exam, so maybe I will share some note or something after the course end(?).
And I could only solve web question, so that’s it :( Let’s start.
Port Swigger Web Security Academy Sql Injection 2 - UNION Attacks
Introduction
This article is the sequel of Port Swigger Web Security Academy, you can find previous article here.
And this time we will take a deep look about UNION attacks, let’s start.
When we could get responses of query, UNION can be used to retrieve more data from other tables. For example:
1 | SELECT a, b FROM table1 UNION SELECT c, d FROM table2 |
Laravel Zipstream Filename Sanitization
Introduction
When I develop one of my cases, there is a requirement to generate a zip file. So I find a package laravel-zipstream to do it.
Port Swigger Web Security Academy Sql Injection
Introduction
This article is the note of PortSwigger Web Security Academy’s SQL Injection. I will take note of it and write some my opinion.