Tritium

常见漏洞资料导航

Feb 28, 2024#CTF!74

AI-generated summary

This is a collection of common vulnerability resources, including SQL injection, SSTI, NodeJS, RCE, and file inclusion. It provides links to various articles and documents related to these vulnerabilities for reference and learning purposes.

节选自《赛棍》

收集一些资料、文件，分类取用

SQL injection#

https://websec.readthedocs.io/zh/latest/vuln/sql/index.html

https://book.hacktricks.xyz/pentesting-web/sql-injection

SQL%E6%B3%A8%E5%85%A5%E4%B8%80%E5%91%BD%E9%80%9A%E5%85%B3%21__fushuling%E3%81%AEblog.pdf

SSTI#

https://tttang.com/archive/1698/

https://github.com/Marven11/Fenjing/tree/main

https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection

NodeJS#

https://xz.aliyun.com/t/11791

https://www.leavesongs.com/PENETRATION/javascript-prototype-pollution-attack.html

RCE#

https://www.leavesongs.com/PENETRATION/webshell-without-alphanum-advanced.html

https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html

%E5%88%A9%E7%94%A8shell%E8%84%9A%E6%9C%AC%E5%8F%98%E9%87%8F%E6%9E%84%E9%80%A0%E6%97%A0%E5%AD%97%E6%AF%8D%E6%95%B0%E5%AD%97%E5%91%BD%E4%BB%A4__fushuling%E3%81%AEblog.pdf

%E6%97%A0%E5%AD%97%E6%AF%8D%E6%95%B0%E5%AD%97%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E9%BB%91%E9%AD%94%E6%B3%95shell%E8%84%9A%E6%9C%AC%E5%8F%98%E9%87%8F__fushuling%E3%81%AEblog.pdf

%E6%9D%A5%E8%87%AA%E5%B0%8F%E5%AF%86%E5%9C%88%E9%87%8C%E7%9A%84%E9%82%A3%E4%BA%9B%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7.pdf

Include#

https://www.gem-love.com/2022/06/26 / 文件包含的几种不常规利用姿势 /

CTF%E4%B8%AD%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E7%9A%84%E5%87%A0%E7%A7%8D%E4%B8%8D%E5%B8%B8%E8%A7%84%E5%88%A9%E7%94%A8%E5%A7%BF%E5%8A%BF%E6%80%BB%E7%BB%93___%E9%A2%96%E5%A5%87LAmore.pdf

https://xiaolong22333.top/archives/212/

https://www.freebuf.com/vuls/202819.html

%E5%88%A9%E7%94%A8session.upload_progress%E8%BF%9B%E8%A1%8C%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E5%92%8C%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%B8%97%E9%80%8F_-_FreeBuf%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E8%A1%8C%E4%B8%9A%E9%97%A8%E6%88%B7.pdf

data_media_attachment_b0e6b76e-dade-4096-976f-cabfad855bf2.pdf

data_media_attachment_16e6902c-a5b0-48a6-b5e5-38404c7d3dc0.pdf

UPLOAD

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#59007-28
Owner
0x2be3d884ccf35560ee71f28238059f4497c5fd48
Transaction Hash
Creation 0x1d4bf651...f0d08ae011 Last Update 0x1d4bf651...f0d08ae011
IPFS Address
ipfs://QmV7LeTNmnJDuBqbrx7uGdBQL3g2PZtBDUMLhz25ZyPh5K