current location:Home > Technical Articles > Operation and Maintenance > Safety
- Direction:
- All web3.0 Backend Development Web Front-end Database Operation and Maintenance Development Tools PHP Framework Daily Programming WeChat Applet Common Problem Other Tech CMS Tutorial Java System Tutorial Computer Tutorials Hardware Tutorial Mobile Tutorial Software Tutorial Mobile Game Tutorial
- Classify:
-
- How Codeql analyzes the problem of cookie not enabling httponly
- Preface Today we use codeql to analyze security issues such as "cookie is not enabled httponly", thereby deepening our use of codeql. If the response is good, you can consider exploring other vulnerabilities in Vulnerability-goapp. When analyzing go programs, you must additionally download the codeql-go description audit object Vulnerability-goapp: VulnerablegolangWebapplicationforeducation. Modification: Because all cookies in this project are not set to http-only, there is no comparison, so we need to modify it first. in some cookies
- Safety 1230 2023-05-17 17:25:59
-
- DeRPnStiNK target machine penetration case analysis
- DeRPnStiNK target machine penetration We found the DeRPnStiNK target machine from the Internet as an experimental environment. For beginners, we used this target machine to conduct penetration experiments. After downloading the target machine online, open it directly through the virtual machine. Just use the default bridge mode for the network card configuration. Note here that your kali attack machine must also be in bridge mode to ensure normal communication with the attacked server. First, if we are not sure about the address of the attacked server, we need to perform host discovery and check our own IP address: 192.168.50.76, as shown in the figure: Use nmap or netdiscover to perform network discovery. The command is as follows: nmap–sP192.168.50 .0/24(
- Safety 1539 2023-05-17 16:56:36
-
- How to upgrade NetScaler version
- 1. NetScaler version upgrade instructions requirements: Upgrade NetScaler through shell mode [Topology] 2. Preparation before upgrading Prepare the version files required for version upgrade Use a browser to open https://www.citrix.com/downloads/netscaler-adc/ to log in Then select the required upgrade package for DownLoad, select the tgz upgrade package, and prepare the necessary tools required for version upgrade. 3. During the upgrade process, use the SSH tool to log in to NetScaler to view the current version information. Use the SFTP tool to upload the upgrade package to NetScaler's /var/nsinstall/build- 11.1-54.14 Directory
- Safety 1554 2023-05-17 16:52:23
-
- How to analyze Apache Dubbo deserialization vulnerability
- Introduction Dubbo is a high-performance and excellent service framework open sourced by Alibaba, which enables applications to realize service output and input functions through high-performance RPC, and can be seamlessly integrated with the Spring framework. It provides three core capabilities: interface-oriented remote method invocation, intelligent fault tolerance and load balancing, and automatic service registration and discovery. Overview On June 23, 2020, ApacheDubbo officially released a risk notice about ApacheDubbo remote code execution. The vulnerability number is CVE-2020-1948, and the vulnerability level is: high risk. ApacheDubbo is a high-performance, lightweight open source JavaRPC framework. It provides three core capabilities: interface-oriented remote
- Safety 1015 2023-05-17 16:01:22
-
- What is wide byte injection in SQL injection?
- Wide byte injection: It is a way to bypass SQL injection. 1. Wide byte concept: 1. Single-byte character set: all characters are represented by one byte, such as ASCII encoding (0-127) 2 . Multi-byte character set: In a multi-byte character set, some bytes are represented by multiple bytes, and another part (possibly none) is represented by a single byte. 3. UTF-8 encoding: It is an encoding method (multi-byte encoding). It can use 1 to 4 bytes to represent a symbol, and the byte length changes according to different symbols. 4. Common wide bytes: GB2312, GBK, GB18030, BIG5, Shift_JISGB2312 does not have wide byte injection, and it can be collected that there is wide byte injection
- Safety 1557 2023-05-17 15:37:14
-
- What are the optical module configurations and switch levels that need to be paid attention to?
- Today I will explain to you what configurations of fiber optic port modules you need to pay attention to when purchasing a fiber optic switch? Yitianguang Communications first tells everyone that it will be clear as long as you remember the following points, which means aligning according to the port of the switch. From large to small, the first is 10G port SFP+, 10GBase-SR 10G optical module, wavelength 850nm, multi-mode 300mSFP+, 10GBase-LR 10G optical module, wavelength 1310nm or 1550nm, single mode 10/20/40/60/80km Then there are the Gigabit port dual fiber 50/125 micron multimode, wavelength 850nm, 550m; dual fiber 62.5/125 micron multimode, wavelength 850nm, 275m; dual fiber single mode
- Safety 1649 2023-05-17 15:19:11
-
- How to match specific quantity in javascript
- Note 1. The number of curly bracket specifiers can be used to specify the upper and lower limits of the matching pattern. But sometimes only a specific number of matches is needed. 2. To specify a certain number of matching patterns, just place a number between the curly brackets. The example requires modifying the regular expression timRegex to match the word Timber with only four letters m. lettimStr="Timmmmber";lettimRegex=/change/;//Modify this line letresult=timRegex.test(timStr);Reference lettimStr="Timmmmber";lettimRegex
- Safety 1208 2023-05-17 15:19:06
-
- Example analysis of Apache Commons Collections deserialization vulnerability
- 1. Introduction Although there are many articles on the Internet that analyze the deserialization vulnerability of this component, I still record it here. After all, this is significant for the development of Java deserialization vulnerabilities. Apache Commons Collections is a very commonly used tool library in Java application development. It adds many powerful data structures, simplifies the development of Java applications, and has become a recognized standard for Java to process collection data. Many common applications such as Weblogic, WebSphere, Jboss, Jenkins, etc. all use the Apache Commons Collections tool library. When a deserialization vulnerability occurs in the tool library, this
- Safety 1790 2023-05-17 15:10:34
-
- How to perform Cisco ASA5505 password recovery
- 官方文档说明:Torecoverfromthelossofpasswords,performthefollowingsteps:Step1ConnecttothesecurityapplianceconsoleportbysuperterminalStep2Poweroffthesecurityappliance,andthenpoweriton.Step3Duringthestartupmessages,presstheEscapekeywhenpromptedtoenterROMMON.St
- Safety 1665 2023-05-17 14:52:21
-
- How to encrypt files in Linux system
- Choosing to use EFS when installing a Linux system will first introduce a very simple method to use the EFS file system. Taking Fedora's installation steps as an example, you can easily use it by selecting the relevant options for installation. Users can create new partitions in free space, select a partition for editing, and delete certain partitions. In Figure 1, you need to select the [Encrypt File System] option, and enter the password required to access EFS according to the system requirements, as shown in Figure 2. Next, follow the Linux installation steps step by step and follow the system prompts to install the system. Then, after successfully installing the system, the user will have a secure encrypted file system, and every time he logs in to the system, the system
- Safety 1443 2023-05-17 14:34:40
-
- Example analysis of Google Chrome 85 fixing WebGL code execution vulnerability
- Google has fixed a use-after-free vulnerability in the WebGL (WebGraphicsLibrary) component of the Google Chrome web browser. By successfully exploiting this vulnerability, an attacker can execute arbitrary code in the context of the browser's process. WebGL is a JavaScript API that compliant browsers use to render interactive 2D and 3D graphics without the use of plug-ins. GoogleChrome85.0.4149.0 has fixed this code execution vulnerability. High-risk code execution vulnerability The code execution vulnerability discovered by CiscoTalos senior research engineer Marcin Towalski is numbered CVE-2020-649
- Safety 1140 2023-05-17 14:07:14
-
- NAT configuration in USG firewall
- USG firewall NAT configuration learning purpose Master the method of configuring NATServer on the USG firewall Master the method of configuring NATEasyIP on the USG firewall Topology diagram scenario: You are the network administrator of the company. The company is segregated into three zones using network firewalls. Now we need to publish the telnet service provided by a server (IP address: 10.0.3.3) in the DMZ area. The public addresses are 10.0.10.20 and 24. And users in the internal network Trust area access through Easy-IP. outside area. Access from other directions is prohibited. Define the G0/0/1 and G0/0/21 interfaces to vlan11 on the switch, and assign G0/0/
- Safety 1373 2023-05-17 13:25:47
-
- Example analysis of using nmap-converter to convert nmap scan result XML into XLS
- Use nmap-converter to convert nmap scan result XML to XLS. Practical 1. Introduction As a network security practitioner, sometimes you need to use the port scanning tool nmap to perform large-volume port scanning, but the output results of Nmap are .nmap, .xml and .gnmap The three formats are mixed with a lot of unnecessary information, which is very inconvenient to process. The output results are converted into Excel tables to process the later output. Therefore, a technical expert shared a Python script to convert nmap reports to XLS. 2. nmap-converter1) Project address: https://github.com/mrschyte/nmap-
- Safety 1727 2023-05-17 13:04:19
-
- Example analysis of Nmap operations
- Background With the development of the security industry, the country attaches great importance to it. Various industries suffer from various threats. Some companies of Party A do not have relevant security departments or have relatively weak security capabilities, so they will hire Party B's security personnel to provide operational services. Then Party B's security engineers need to help customers deal with some security events that occur during business operations. For example, after a vulnerability occurs, our security engineers need to detect whether other business systems have the vulnerability and whether it needs to be repaired in time. We also need to output some results to facilitate customer reporting, as well as how to improve work efficiency, etc. Review of common parameter options for efficient scanning Fast live scanning nmap-T4-n-V–sn-iLip.txt-oNlive_host.
- Safety 988 2023-05-17 12:22:18
-
- What are the steps you need to pay attention to in H3C wireless configuration?
- The first step is to pay attention to the wireless control version. If the version is very old, it may not have the current wireless AP model and needs to be upgraded to the officially recommended version. The second step is to apply for wireless controller license and register on the H3C official website. The device file needs to be in Check the location of the file through displaylicescedevice-id on the wireless controller, then download the file through FTP or TFTP, and upload it to the location that needs to be registered. The third step is to register the three-layer wireless ap. You need to configure the option 43 option.
- Safety 1451 2023-05-17 10:40:06
Tool Recommendations
jQuery enterprise message form contact code
jQuery enterprise message form contact code is a simple and practical enterprise message form and contact us introduction page code.
form button
2024-02-29
HTML5 MP3 music box playback effects
HTML5 MP3 music box playback special effect is an mp3 music player based on HTML5 css3 to create cute music box emoticons and click the switch button.
Player special effects
2024-02-29
HTML5 cool particle animation navigation menu special effects
HTML5 cool particle animation navigation menu special effect is a special effect that changes color when the navigation menu is hovered by the mouse.
Menu navigation
2024-02-29
jQuery visual form drag and drop editing code
jQuery visual form drag and drop editing code is a visual form based on jQuery and bootstrap framework.
form button
2024-02-29
Organic fruit and vegetable supplier web template Bootstrap5
An organic fruit and vegetable supplier web template-Bootstrap5
Bootstrap template
2023-02-03
Bootstrap3 multifunctional data information background management responsive web page template-Novus
Bootstrap3 multifunctional data information background management responsive web page template-Novus
backend template
2023-02-02
Real estate resource service platform web page template Bootstrap5
Real estate resource service platform web page template Bootstrap5
Bootstrap template
2023-02-02
Simple resume information web template Bootstrap4
Simple resume information web template Bootstrap4
Bootstrap template
2023-02-02
Cute summer elements vector material (EPS PNG)
This is a cute summer element vector material, including the sun, sun hat, coconut tree, bikini, airplane, watermelon, ice cream, ice cream, cold drink, swimming ring, flip-flops, pineapple, conch, shell, starfish, crab, Lemons, sunscreen, sunglasses, etc., the materials are provided in EPS and PNG formats, including JPG previews.
PNG material
2024-05-09
Four red 2023 graduation badges vector material (AI EPS PNG)
This is a red 2023 graduation badge vector material, four in total, available in AI, EPS and PNG formats, including JPG preview.
PNG material
2024-02-29
Singing bird and cart filled with flowers design spring banner vector material (AI EPS)
This is a spring banner vector material designed with singing birds and a cart full of flowers. It is available in AI and EPS formats, including JPG preview.
banner picture
2024-02-29
Golden graduation cap vector material (EPS PNG)
This is a golden graduation cap vector material, available in EPS and PNG formats, including JPG preview.
PNG material
2024-02-27
Home Decor Cleaning and Repair Service Company Website Template
Home Decoration Cleaning and Maintenance Service Company Website Template is a website template download suitable for promotional websites that provide home decoration, cleaning, maintenance and other service organizations. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-05-09
Fresh color personal resume guide page template
Fresh color matching personal job application resume guide page template is a personal job search resume work display guide page web template download suitable for fresh color matching style. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-29
Designer Creative Job Resume Web Template
Designer Creative Job Resume Web Template is a downloadable web template for personal job resume display suitable for various designer positions. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28
Modern engineering construction company website template
The modern engineering and construction company website template is a downloadable website template suitable for promotion of the engineering and construction service industry. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28
