Web testing



    Common vulnerability testing and impact

    Sixty RCE case studies: link: https://pan.baidu.com/s/1Mwr-HuIP7kfdZvHicr4adQ?pwd=rk93 extraction code: rk93 original source: https://docs.google.com/presentation/d/1bkrkAJLuDjfZfsf-9A62rygWe6zR_uiOq_Yd_8X_NGY/edit#slide=id.g126a4fdb………

    myh0st - Aug. 15, 2022, 5:40 p.m.


    Collected tips

    Bypass final Payload Cloudflare ``` CLICK HERE ``` Use `.%00.` to bypass file download restrictions ![](/media/202203/2022-03-21_095102_548451.png) The filter was removing the `<` character, `` and all. ``` Bypass: <\nimg src=………

    myh0st - April 20, 2022, 8:56 p.m.


    Website testing checklist

    Recon phase Small scope [ ] Identify web server, technologies and database (whatweb, webanalyze) [ ] Try to locate /robots.txt /crossdomain.xml /clientaccesspolicy.xml /sitemap.xml and /.well-known/………

    myh0st - April 19, 2022, 9:44 a.m.


    Web application penetration testing checklist

    Information gathering [ ] Identify web server, language, database, etc. [ ] Collect third-party partner companies and subsidiaries [ ] Reverse DNS lookup [ ] Identify IP and ASN numbers to expand the target scope [ ] Google hacking [ ] GitHub collection [ ] Directory enumeration [ ] IP range enumeration [ ] JS file analysis [ ] Subdomain enumeration and brute force [ ] Subdomain takeover [ ] ………

    myh0st - April 19, 2022, 9:35 a.m.


    XSS WAF bypass payload

    <img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img> or "><sc<>ript><onxXxxXXxXXXxx=()%20autofoco%20onmouseover=alert("HEJAP ZAIRY AL-SHARIF")&g………

    myh0st - March 25, 2022, 5:05 p.m.



    myh0st, luo936196427, includeSteven, h1d0ng9e