web testing
Reposted | 2020-02-26 22:36:00 | 73 reads | 2 comments
VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be uploaded. 2. Code Execution Vulns: Don't use dangerous functions. Filter user input
Reposted | 2020-02-08 12:37:00 | 53 reads | 2 comments
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o
Reposted | 2020-02-07 22:08:00 | 150 reads | 2 comments
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We k
Reposted | 2020-02-07 21:33:00 | 63 reads | 2 comments
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin
Reposted | 2020-02-07 20:57:00 | 50 reads | 2 comments
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameter
Reposted | 2020-02-09 21:11:00 | 63 reads | 2 comments
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data is stored in it (usernames, passwords ..etc.) The web application reads, updates and inserts data in the database. Interaction with ...
Reposted | 2020-02-09 16:36:00 | 62 reads | 2 comments
INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di
Reposted | 2020-02-07 16:57:00 | 156 reads | 2 comments
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This
Reposted | 2020-02-10 21:15:00 | 49 reads | 2 comments
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The co
Reposted | 2020-02-10 20:38:00 | 58 reads | 2 comments
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Fo
Reposted | 2020-02-09 20:55:00 | 199 reads | 2 comments
SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful er
Reposted | 2020-02-09 17:41:00 | 138 reads | 2 comments
EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex
Reposted | 2020-02-07 20:28:00 | 48 reads | 2 comments
How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side
Reposted | 2020-02-07 14:45:00 | 72 reads | 2 comments
CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Discover "hidden" paths/paths admin does not want us to k
Reposted | 2019-10-19 22:03:00 | 38 reads
CRAWLING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. Extract all links. 3. Repeat for each new link that
Reposted | 2019-10-20 08:44:00 | 206 reads
CRAWLING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover
Reposted | 2019-10-19 21:36:00 | 130 reads
Penetration Testing, Security Testing, Automation Testing
Original | 2022-12-20 19:27:54 | 3272 reads
Introduction
In this article, I will talk about two test tools for the enterprise web services tuning and testing. These tools can be used to test performance, simulate heavy loads, test functional b
Reposted | 2011-04-18 15:25:49 | 737 reads
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php Execute the Python Script.
Reposted | 2019-10-20 10:18:00 | 255 reads