优秀文章

SQL注入

文件包含

*[利用本地包含漏洞执行任意代码]([http://blog.csdn.net/xysoul/article/details/45031675](http://blog.csdn.net/xysoul/article/details/45031675%29)

*[Upgrade from LFI to RCE via PHP Sessions]([https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/](https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/%29)

* [PHP文件包含漏洞详解(包含截断方法)]([https://www.2cto.com/article/201304/204158.html](https://www.2cto.com/article/201304/204158.html%29)

* [谈一谈php://filter的妙用]([https://www.leavesongs.com/PENETRATION/php-filter-magic.html](https://www.leavesongs.com/PENETRATION/php-filter-magic.html%29)

* [LFI、RFI、PHP封装协议安全问题学习]([http://www.tuicool.com/articles/VvaAzy](http://www.tuicool.com/articles/VvaAzy%29)

XSS

* [xss如何加载远程js的一些tips]([http://www.freebuf.com/articles/web/24496.html](http://www.freebuf.com/articles/web/24496.html%29)

命令执行

WebShell

* [那些强悍的PHP一句话后门]([https://www.virzz.com/2016/10/19/那些强悍的PHP一句话后门.html](https://www.virzz.com/2016/10/19/那些强悍的PHP一句话后门.html%29)

* [php webshell下直接反弹shell(不借助任何其他语言)]([https://www.leavesongs.com/PHP/backshell-via-php.html](https://www.leavesongs.com/PHP/backshell-via-php.html%29)

* [隐藏webshell的几条建议]([http://3xp10it.cc/webshell/2016/07/28/隐藏webshell/](http://3xp10it.cc/webshell/2016/07/28/隐藏webshell/%29)

* [创造tips的秘籍——PHP回调后门]([https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html#0x03-php548assert](https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html#0x03-php548assert%29)

内网渗透

* [内网中间人玩法备忘录]([http://3xp10it.cc/web/2017/05/16/内网中间人玩法备忘录/](http://3xp10it.cc/web/2017/05/16/内网中间人玩法备忘录/%29)

* [乙方渗透测试之Fuzz爆破]([http://www.cnnetarmy.com/乙方渗透测试之Fuzz爆破/](http://www.cnnetarmy.com/乙方渗透测试之Fuzz爆破/%29)

* [乙方渗透测试之信息收集]([http://www.cnnetarmy.com/乙方渗透测试之信息收集/](http://www.cnnetarmy.com/乙方渗透测试之信息收集/%29)

* [内网渗透测试定位技术总结]([https://zhuanlan.zhihu.com/p/26171460](https://zhuanlan.zhihu.com/p/26171460%29)

* [内网渗透随想]([http://www.secbox.cn/skill/6872.html](http://www.secbox.cn/skill/6872.html%29)

沙箱逃逸

* [Python沙箱逃逸的n种姿势]([https://mp.weixin.qq.com/s/PLI-yjqmA3gwk5w3KHzOyA](https://mp.weixin.qq.com/s/PLI-yjqmA3gwk5w3KHzOyA%29)

WAF 绕过

社会工程

* [密码破解与常见社会心理学分析最新漏洞-Www.SitedirSEC.Com]([http://www.sitedirsec.com/exploit-1835.html](http://www.sitedirsec.com/exploit-1835.html%29)

代码审计

* [PHP漏洞挖掘——进阶篇]([http://blog.nsfocus.net/php-vulnerability-mining/](http://blog.nsfocus.net/php-vulnerability-mining/%29)

CTF

* [论如何在CTF比赛中搅“shi”]([http://www.freebuf.com/articles/web/118149.html](http://www.freebuf.com/articles/web/118149.html%29)

上一页常用工具下一页代码审计

最后更新于