D Blog

Just do it!

Attacking Access Controls

1. Common Vulnerabilities Access controls can be divided into three broad categories: vertical, horizontal, and context-dependent. Vertical privilege escalation Horizontal privilege escalation ...

Attacking Session Management

1. The Need for State In most cases, applications use HTTP cookies as the transmission mechanism for passing these session tokens between server and client. The server’s first response to new clie...

Attacking Authentication

1. Authentication Technologies HTML forms-based authentication Multifactor mechanisms, such as those combining passwords and physical tokens Client SSL certificates and / or smartcards HTTP ...

Upload files to FastDFS with Bash

uri.sh is called by json.sh. uri.sh #!/bin/bash /usr/bin/fdfs_test /etc/fdfs/client.conf upload $1 | grep 'remote_filename'|head -n 1 | awk '{print $2}' | awk -F '[=]' '{print $2}' json.sh #!/bin...

Bypassing Client-Side Controls

1. Transmitting Data Via the Client 1.1 Hidden Form Fields hidden <input type="hidden" name="price" value="449"> 1.2 HTTP Cookies The customer has logged in to the applica...

Mapping the Application

1 Enumerating content and functionality Manual browsing Walk through the application starting from the main initial page, following every link, and navigating through all multistage functions. (su...

Heavy Metals in Cookware

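Clay pots: Once the glaze on the surface of a clay pot cracks, the heavy metals in the pot will leach out. Prone to cracking: put cold water in a cold pot and hot water in a hot pot (for example, suddenly pouring cold water into a hot pot makes it crack easily). Sensitive to acid. Choosing a clay pot: Look: choose a clay pot in a natural color, not an overly bright one; the brighter the color, the more heavy metals have been added. Listen: a crisp sound is better. Touch: a clay pot with a smooth surface is better. Non-stick pans: Coating material on the surface of non-stick pans: PFOA...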

Six Hero Foods for Liver Protection and Detox

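1. News: If pregnant women, from week 18 to week 22 of pregnancy, take enough DHA (an Omega-3 fatty acid) every day, 400 mg per day until delivery, it can lower the baby's risk of catching colds after birth and ease cold symptoms. The human body cannot synthesize it on its own and must obtain it from external sources such as medication or food, for example algae, salmon, tuna, Pacific saury and other such small fish, walnuts, and flaxseed. It also benefits the baby's IQ and social skills. 2. The liver's detoxification mechanism: Toxins...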

Bug Bounties Recon With Bash

Some Core Utils grep - search for patterns in files or stdin sed - edit the input stream awk - general purpose text-processing language cat - concatenate files find - list files recursi...

Install VirtualBox on FreeBSD

Reference: How to Install Oracle VirtualBox in FreeBSD