版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_36869808/article/details/83029980
0x00 前言
如饥似渴的学习。
0x01 文章
1.代码审计思路
https://blog.csdn.net/qq_36869808/article/details/83027850
2.SQL审计概述
https://blog.csdn.net/qq_36869808/article/details/83029219
2.1 sql审计实战
2.1.1 DWVA
2.1.2 espcms
2.1.3 Bluecms
- 代码审计—Bluecms—sql—ad_js.php
- 代码审计—Bluecms—sql—ann.php(无)
- 代码审计—Bluecms—sql—comment.php(无)
- 代码审计—Bluecms—sql—index.php(无)
- 代码审计—Bluecms—sql—search.php(无)
- 代码审计—Bluecms—sql—user.php(无)
- 代码审计—Bluecms—sql—admin/article.php(无)
- 代码审计—Bluecms—sql—admin/ann.php(无)
- 代码审计—Bluecms—sql—admin/attachment.php(无)
- 代码审计—Bluecms—sql—admin/card.php(无)
- 代码审计—Bluecms—sql—admin/category.php(无)
- 代码审计—Bluecms—sql—admin/info.php(无)
- 代码审计—Bluecms—sql—admin/link.php(无)
- 代码审计—Bluecms—sql—admin/model.php(无)
- 代码审计—Bluecms—sql—include/ip.class.php(无,宽字节无法验证)
- 代码审计—Bluecms—sql—include/common.fun.php
- 代码审计—Bluecms—sql—api/uc.php(无)
2.2 sql审计实战+sql手注
3.XSS审计
3.1 概述
3.1.2 基础篇
主要是对需要审计的函数进行整合
https://blog.csdn.net/qq_36869808/article/details/82795188
3.1.3.xss-Ajax
https://blog.csdn.net/qq_36869808/article/details/82795720
3.1.4.xss-浏览器安全
https://blog.csdn.net/qq_36869808/article/details/82795724
3.1.5.xss-worm
https://blog.csdn.net/qq_36869808/article/details/82803855
3.1.6 概述
https://blog.csdn.net/qq_36869808/article/details/83181571
3.2审计实战
3.2.1 74CMS
3.2.1 BlueCMS
4.CSRF
4.1 概述
4.2 审计实战
4.2.1 DWVA
5.Brute Force
5.1 概述
5.2 审计实战
5.2.1 DWVA
6. 命令执行
6.1 概述
6.2 审计实战
-代码审计—DWVA—Command InjectionL—Low
- 代码审计—DWVA—Command InjectionL—Medium
- 代码审计—DWVA—Command InjectionL—High
代码审计—DWVA—Command InjectionL—impossible
7. 文件包含
7.1 概述
7.2 审计实战
- 代码审计—DWVA—File Inclusion—Low
- 代码审计—DWVA—File Inclusion—Medium
- 代码审计—DWVA—Command InjectionL—High
- 代码审计—DWVA—Command InjectionL—impossible
8. 文件上传
8.1概述
8.2 审计实战
- 代码审计—DWVA—File Upload—Low
- 代码审计—DWVA—File Upload—Medium
- 代码审计—DWVA—File Upload—high
- 代码审计—DWVA—File Upload—mpossible
0x02 资源
1.DVWA
https://www.lanzous.com/i236f2d
2.espcms 2012 版本
https://www.lanzous.com/i260led
3. 74cms 3.1
https://www.lanzous.com/i26kwch
4. 74cms 3.4
https://www.lanzous.com/i26paqj