Web Security
SQLab 2023
Author: Sean 韋詠祥
Slide: https://hackmd.io/@Sean64/sec-sqlab2023
Note:
Date: 2023-06-07 (Wed)
Class time: 10:30 - 12:00
10:30 Opening
10:35 filter
10:40 Lab: My Blog
10:50 x-fwd
10:55 Lab: Cloud Drive
11:05 off-by-slash
11:10 Lab: Dynamic Pricing
11:20 Lab Demo
11:25 XXE
11:30 Lab: Import Blog Post
11:35 SSTI
11:45 Lab: WIP
11:55 PP
12:00 Lunch
About Me
Outline
php://filter
php://filter
Note:
Week 1 p108
https://github.com/splitline/How-to-Hack-Websites/blob/master/slides/week/week1.pdf
What is the php:// wrapper?
php://stdin, php://stdout, php://stderr
php://input, php://output
php://filter
php://memory, php://temp, php://fd
Note:
https://www.php.net/manual/en/wrappers.php.php
Parameters of php://filter
/resource=index.php
/read=string.rot13
/read=convert.base64-encode
/write=zlib.deflate
Example
php://filter/read=string.rot13/resource=https://sean.cat/
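The slide shows how a php://filter chain rewrites whatever resource it is pointed at. The following is an added example written for these notes (not code from the course or the labs) showing the two defender-side checks around a file-include parameter: refusing any value that names a stream wrapper or URL scheme before it reaches include(), and flagging such values in access logs. The template directory, the `page` parameter name and the log lines are all constructed for the example.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Added example for these notes, not code from the course or its labs.

# A scheme prefix ("php:", "data:", "file:", "http:", ...) marks a wrapper.
WRAPPER_RE = re.compile(r"^\s*[a-zA-Z][a-zA-Z0-9+.\-]*:")
# Only plain page names are acceptable: no "/", ":", ".." or NUL bytes.
PAGE_NAME_RE = re.compile(r"[A-Za-z0-9_\-]+(?:\.php)?")

# Hypothetical template directory, assumed for the example.
TEMPLATE_DIR = "/var/www/app/templates"


class UnsafePath(ValueError):
    pass


def resolve_include(user_value: str, base_dir: str = TEMPLATE_DIR) -> str:
    """Map a user-supplied page name to a path under base_dir, or raise."""
    if WRAPPER_RE.match(user_value):
        raise UnsafePath("stream wrapper / URL scheme not allowed")
    if not PAGE_NAME_RE.fullmatch(user_value):
        raise UnsafePath("page name contains unexpected characters")
    candidate = posixpath.normpath(posixpath.join(base_dir, user_value))
    # Belt and braces: the normalised path must still sit inside base_dir.
    if posixpath.commonpath([candidate, base_dir]) != base_dir:
        raise UnsafePath("path escapes the template directory")
    return candidate


def is_safe_page(user_value: str) -> bool:
    try:
        resolve_include(user_value)
        return True
    except UnsafePath:
        return False


# Constructed access-log lines (combined log format) for the detector.
LOG_LINES = [
    '10.0.0.5 - - [07/Jun/2023:10:40:01 +0800] "GET /index.php?page=about HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jun/2023:10:41:15 +0800] "GET /index.php?page=php://filter/read=convert.base64-encode/resource=index.php HTTP/1.1" 200 2048',
    '10.0.0.9 - - [07/Jun/2023:10:41:20 +0800] "GET /index.php?page=php%3A%2F%2Ffilter%2Fread%3Dstring.rot13%2Fresource%3Dconfig.php HTTP/1.1" 200 1900',
]
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def find_wrapper_abuse(lines):
    """Return (client_ip, parameter, decoded_value) for wrapper-style values."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        for name, values in parse_qs(urlsplit(target).query).items():
            for value in values:
                # parse_qs decoded once; decode again to catch double encoding.
                decoded = unquote(value)
                if WRAPPER_RE.match(decoded):
                    hits.append((client, name, decoded))
    return hits
```

The allow-list regex alone already excludes `:` and `/`, so the explicit wrapper check is redundant by design: it gives a distinct error for the case worth alerting on. The log scan decodes the query value a second time so that percent-encoded wrapper names do not slip past a naive string match.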
Lab: My Blog
Note:
https://ctf.sean.cat/filter/
X-Forwarded-For
How to get user's IP address?
Note:
https://devco.re/blog/2014/06/19/client-ip-detection/
StackOverflow?
And ChatGPT
What are those variables?
Lab: Cloud Drive
Note:
https://ctf.sean.cat/ip-addr
CF-Connecting-IP
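The point of the "which variable do I trust" question is that X-Forwarded-For (and vendor headers such as CF-Connecting-IP) are plain request headers anyone can send. Below is an added example for these notes, not code from the course or the lab, contrasting the copy-paste answer (believe the first hop) with walking the header from the right and skipping only the proxies we operate. The trusted networks are assumed for the example.

```python
import ipaddress

# Added example for these notes, not code from the course or its labs.
# Networks assumed for the example: our own reverse proxies and loopback.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]


def is_trusted_proxy(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(remote_addr: str, headers: dict) -> str:
    """The common copy-paste answer: believe the first hop in the header."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr


def client_ip(remote_addr: str, headers: dict, header: str = "X-Forwarded-For"):
    """Walk the header right-to-left, skipping hops our own proxies appended.

    Returns the first address that is not a trusted proxy, or None when the
    chain is malformed. A direct connection (remote_addr is not one of our
    proxies) cannot carry a meaningful header, so remote_addr is returned.
    """
    if not is_trusted_proxy(remote_addr):
        return remote_addr
    hops = [h.strip() for h in headers.get(header, "").split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue  # appended by our infrastructure; keep walking left
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return None  # garbage where an address should be: do not guess
    # Every hop was one of our proxies (e.g. an internal health check).
    return hops[0] if hops else remote_addr
```

The same rule applies to CF-Connecting-IP: it is only meaningful when remote_addr is one of the CDN's published edge ranges, so those ranges would be the trusted list and the header name would be passed as `header`.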
NginX off-by-slash
Note:
Week 1 p101
Recap: Path Traversal
NginX Config
Off-by-slash
Note:
Breaking Parser Logic, Orange @ Black Hat
https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
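The off-by-slash case from Orange's talk is a `location` prefix without a trailing slash combined with `alias`: nginx substitutes the alias for the matched prefix, so the slash that separates the directory from the rest of the URI is missing. The following added example (written for these notes, not the course's code) models that substitution and lints a config for the pattern; the two config snippets are constructed and deliberately simplified (no nested blocks).

```python
import posixpath
import re

# Added example for these notes, not code from the course or its labs.

# Constructed configs: the weak form and the corrected form.
WEAK_CONFIG = """
server {
    listen 80;
    location /static {
        alias /var/www/app/static/;
    }
}
"""
FIXED_CONFIG = """
server {
    listen 80;
    location /static/ {
        alias /var/www/app/static/;
    }
}
"""

# Simplified parser: one level of location blocks, no nested braces.
LOCATION_RE = re.compile(r"location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^}]*)\}", re.S)
ALIAS_RE = re.compile(r"^\s*alias\s+(\S+?);", re.M)


def find_off_by_slash(config: str):
    """Return (prefix, alias) pairs where a prefix location lacks a trailing slash."""
    findings = []
    for m in LOCATION_RE.finditer(config):
        modifier, prefix, body = m.groups()
        if modifier in ("=", "~", "~*"):
            continue  # exact and regex matches are not prefix substitutions
        alias = ALIAS_RE.search(body)
        if alias and not prefix.endswith("/"):
            findings.append((prefix, alias.group(1)))
    return findings


def alias_substitution(prefix: str, alias: str, uri: str):
    """Mimic how alias maps a URI: the matched prefix is replaced verbatim."""
    if not uri.startswith(prefix):
        return None
    return alias + uri[len(prefix):]


def resolved_path(prefix: str, alias: str, uri: str):
    mapped = alias_substitution(prefix, alias, uri)
    return None if mapped is None else posixpath.normpath(mapped)
```

With the weak prefix `/static`, a URI of the form `/static..` still matches, and what follows the prefix is appended directly to the alias directory. With `/static/` the same URI does not match the location at all, which is why the trailing slash is the fix rather than cosmetic.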
Lab: Dynamic Pricing
Note:
https://ctf.sean.cat/slash.php
XXE
XML External Entity Injection
XML Syntax
XML Custom Entity
Note:
https://portswigger.net/web-security/xxe/xml-entities
XML External Entity
It could be external links
And could be local files
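Since an external entity is declared in the DTD, the simplest import-side defence is to refuse any document that carries a DTD at all; that also removes internal-entity expansion bombs. The following is an added example for these notes (not code from the course or the Import Blog Post lab) with a constructed `<post>` format and constructed sample documents; the file name inside the external entity is a placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Added example for these notes, not code from the course or its labs.
# Any DOCTYPE or ENTITY declaration, internal or external, is refused.
DTD_RE = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


class XmlRejected(ValueError):
    pass


def parse_blog_post(xml_bytes: bytes) -> dict:
    """Parse an imported post (assumed <post><title/><body/></post> shape)."""
    if DTD_RE.search(xml_bytes):
        raise XmlRejected("DTD / entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        # Covers undefined entities as well: stdlib expat will not fetch
        # external entities, but a DTD-free document can still be malformed.
        raise XmlRejected(f"malformed XML: {exc}") from exc
    if root.tag != "post":
        raise XmlRejected("unexpected root element")
    return {"title": root.findtext("title", ""), "body": root.findtext("body", "")}


def is_accepted(xml_bytes: bytes) -> bool:
    try:
        parse_blog_post(xml_bytes)
        return True
    except XmlRejected:
        return False


# Constructed sample documents.
GOOD_POST = b"""<?xml version="1.0"?>
<post><title>Hello</title><body>First post &amp; more</body></post>"""

# External entity; the file name is a placeholder, not a real target.
EXTERNAL_ENTITY_POST = b"""<?xml version="1.0"?>
<!DOCTYPE post [ <!ENTITY ext SYSTEM "file:///EXAMPLE/placeholder.txt"> ]>
<post><title>&ext;</title><body>x</body></post>"""

# Internal entities only: no file access, but still a DTD (expansion shape).
INTERNAL_ENTITY_POST = b"""<?xml version="1.0"?>
<!DOCTYPE post [ <!ENTITY a "aaaa"> <!ENTITY b "&a;&a;&a;&a;"> ]>
<post><title>&b;</title><body>x</body></post>"""
```

The byte-level check runs before the parser sees the document, so it does not depend on which parser options happen to be set; the cost is that a literal `<!ENTITY` inside an XML comment is also rejected, which is acceptable for an import endpoint. Where a parser must process DTDs, the equivalent is turning entity resolution off at the parser (for example lxml's `resolve_entities=False`, or, in PHP, never passing `LIBXML_NOENT`).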
Lab: Import Blog Post
Note:
https://ctf.sean.cat/xxe/
Template Injection
Note:
Week 3 p190
https://github.com/splitline/How-to-Hack-Websites/blob/master/slides/week/week3.pdf
Slide
Refer to https://img.sean.taipei/2023/06/web-sec.pdf
Full Version: https://github.com/splitline/How-to-Hack-Websites/blob/master/slides/week/week3.pdf
Lab: WIP
Prototype Pollution
Note:
Week 3 p172
Reference
Q&A
Slide link: https://hackmd.io/@Sean64/sec-sqlab2023
These slides are licensed for public use under Creative Commons Attribution (CC BY); the source and speaker notes are available at this link.