优秀文章
SQL注入
文件包含
*[利用本地包含漏洞执行任意代码]([http://blog.csdn.net/xysoul/article/details/45031675](http://blog.csdn.net/xysoul/article/details/45031675%29)
*[Upgrade from LFI to RCE via PHP Sessions]([https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/](https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/%29)
* [PHP文件包含漏洞详解(包含截断方法)]([https://www.2cto.com/article/201304/204158.html](https://www.2cto.com/article/201304/204158.html%29)
* [谈一谈php://filter的妙用]([https://www.leavesongs.com/PENETRATION/php-filter-magic.html](https://www.leavesongs.com/PENETRATION/php-filter-magic.html%29)
* [LFI、RFI、PHP封装协议安全问题学习]([http://www.tuicool.com/articles/VvaAzy](http://www.tuicool.com/articles/VvaAzy%29)
XSS
* [xss如何加载远程js的一些tips]([http://www.freebuf.com/articles/web/24496.html](http://www.freebuf.com/articles/web/24496.html%29)
命令执行
WebShell
* [那些强悍的PHP一句话后门]([https://www.virzz.com/2016/10/19/那些强悍的PHP一句话后门.html](https://www.virzz.com/2016/10/19/那些强悍的PHP一句话后门.html%29)
* [php webshell下直接反弹shell(不借助任何其他语言)]([https://www.leavesongs.com/PHP/backshell-via-php.html](https://www.leavesongs.com/PHP/backshell-via-php.html%29)
* [隐藏webshell的几条建议]([http://3xp10it.cc/webshell/2016/07/28/隐藏webshell/](http://3xp10it.cc/webshell/2016/07/28/隐藏webshell/%29)
* [创造tips的秘籍——PHP回调后门]([https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html#0x03-php548assert](https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html#0x03-php548assert%29)
内网渗透
* [内网中间人玩法备忘录]([http://3xp10it.cc/web/2017/05/16/内网中间人玩法备忘录/](http://3xp10it.cc/web/2017/05/16/内网中间人玩法备忘录/%29)
* [乙方渗透测试之Fuzz爆破]([http://www.cnnetarmy.com/乙方渗透测试之Fuzz爆破/](http://www.cnnetarmy.com/乙方渗透测试之Fuzz爆破/%29)
* [乙方渗透测试之信息收集]([http://www.cnnetarmy.com/乙方渗透测试之信息收集/](http://www.cnnetarmy.com/乙方渗透测试之信息收集/%29)
* [内网渗透测试定位技术总结]([https://zhuanlan.zhihu.com/p/26171460](https://zhuanlan.zhihu.com/p/26171460%29)
* [内网渗透随想]([http://www.secbox.cn/skill/6872.html](http://www.secbox.cn/skill/6872.html%29)
沙箱逃逸
* [Python沙箱逃逸的n种姿势]([https://mp.weixin.qq.com/s/PLI-yjqmA3gwk5w3KHzOyA](https://mp.weixin.qq.com/s/PLI-yjqmA3gwk5w3KHzOyA%29)
WAF 绕过
社会工程
* [密码破解与常见社会心理学分析最新漏洞-Www.SitedirSEC.Com]([http://www.sitedirsec.com/exploit-1835.html](http://www.sitedirsec.com/exploit-1835.html%29)
代码审计
* [PHP漏洞挖掘——进阶篇]([http://blog.nsfocus.net/php-vulnerability-mining/](http://blog.nsfocus.net/php-vulnerability-mining/%29)
CTF
* [论如何在CTF比赛中搅“shi”]([http://www.freebuf.com/articles/web/118149.html](http://www.freebuf.com/articles/web/118149.html%29)
最后更新于