(Huang Min) Practical Experience in Secure Coding
2020-02-27 160 views
- 1.PHP 2016/5/11
- 2.If you can't explain it simply, you don't understand it. Know it, then hack it!
- 3.
- 4.
- 5.1.1 C Linux 64 Linux 64
- 6.1.2 Linux 64
- 7.1.3 Linux 64
- 8.1.4 Linux 64 gcc -g overflow.c -z execstack -fno-stack-protector -o overflow.o && ./
- 9.
- 10.func()
- 11.func() RIP
- 12.
- 13.Linux 64 randomize_va_space
- 14.Linux 64 PHP PHP shellcode
- 15.Linux 64 shellcode
- 16.Linux 64 shellcode
- 17.64 • 32 • 64 Linux Linux JMP ESP, JMP EBP printf() system() .text shellcode • • • • 64 0day 0day
- 18.1.5 • • • root
- 19.1.6
- 20.-
- 21.1.7 CDN IP - CDN NS IP IP
- 22.IP - CDN
- 23.IP - CDN
- 24.IP - CDN • SMTP • • • • IP TCP CDN CDN IP
- 25.
- 26.2.1
- 27.2.2 Nginx+PHP+MySQL CC
- 28.2.3 CC IP (Qps) IO IO CPU IO fsockopen() fopen() mysql_connect() memcached_connect(), curl() ... IO error_log(), file_exists() is_file() is_dir() file_put_contents() ... CPU GD GD iconv() MySQL SLEEP
- 29.2.4 SQL
- 30.SQL
- 31.2.5 SQL GBK GBK %e5%5c -> %e5%5c%5c SELECT * FROM `user` WHERE username=' \'
- 32.2.6 username='lisi\'' WHERE usname='lisi''
- 33.2.7 substr() SELECT * FROM `user` WHERE username='0123456789012345678901234567 891\
- 34.SQL • • UTF-8 mb_xxx()
- 35.shell web eval,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server
- 36.• extract() register_globals • eval() • preg_replace() e PHP7 preg_replace_callback() dz
- 37.2.8 $filename GAME OVER 123.php%00.jpg 123.asa IIS ../../static/common.js
- 38.2.9 php version < 5.3.4 include $var;
- 39.2.10 xxx.php IO discuz
- 40.2.11 GPC GPC S S $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; mysql_query("INSERT INTO `user` SET regip='$ip'"); $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; $arr = array_filter(explode(',', $ip)); $ip = end($arr); $ip = long2ip(ip2long($ip));
- 41.2.12 PHP
- 42.2.13 C PHP JS C 'a' == 0 0x61 >0 PHP intval()
- 43.XSS
- 44.2.14 wooyun felixk3y
- 45.ICC https://**.**.**.**/5107/upload/uploadFlash.php