ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ä¿®ã€MIXI 23æ–°å’æŠ€è¡“ç ”ä¿®ã€‘
23æ–°å’æŠ€è¡“ç ”ä¿®ã§å®Ÿæ–½ã—ãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ä¿®ã®è¬›ç¾©è³‡æ–™ã§ã™ã€‚ 資料ã®åˆ©ç”¨ã«ã¤ã„㦠公開ã—ã¦ã„る資料ã¯å‹‰å¼·ä¼šã‚„ä¼æ¥ã®ç ”ä¿®ãªã©ã§è‡ªç”±ã«ã”åˆ©ç”¨é ‚ã„ã¦å¤§ä¸ˆå¤«ã§ã™ãŒã€ä»¥ä¸‹ã®å½¢ã§ã®åˆ©ç”¨ã ã‘ã”é æ…®ãã ã•ã„。 ・å—講者ã‹ã‚‰å‚åŠ è²»ã‚„æŽˆæ¥æ–™ãªã©ã‚’集ã‚ã‚‹å½¢ã§ã®åˆ©ç”¨ï¼ˆä¼šå ´è²»ã‚„飲食費ãªã©â€¦
ã€2020年】CTF Webå•é¡Œã®æ”»æ’ƒæ‰‹æ³•ã¾ã¨ã‚ - ã“ã‚“ã¨ã‚ーるã—ーã“ã‚“ã¨ã‚ーるã¶ã„
ã¯ã˜ã‚㫠対象イベント èªã¿æ–¹ã€ä½¿ã„æ–¹ Remote Code Execution(RCE) 親ディレクトリ指定ã«ã‚ˆã‚‹open_basedirã®ãƒã‚¤ãƒ‘ス PHP-FPMã®TCPソケット接続ã«ã‚ˆã‚‹open_basedirã¨disable_functionsã®ãƒã‚¤ãƒ‘ス Javaã®Runtime.execã§ã‚·ã‚§ãƒ«ã‚’実行 Cross-Site Scripting(XSS) nginx環境ã§HTTPステータスコードãŒæ“作ã§ãã‚‹å ´åˆã«CSPヘッダーを無効化 Googleã®ClosureLibraryサニタイザーã®XSS脆弱性 Webã®Proxy機能を介ã—ãŸService Workerã®ç™»éŒ² 括弧を使ã‚ãªã„XSS /記å·ã‚’使用ã›ãšã«é·ç§»å…ˆURLを指定 SOME(Same Origin Method Execution)を利用ã—ã¦document.writeã‚’é †æ¬¡å®Ÿè¡Œ SQL Injection MySQ
awesome-web-security/README-jp.md at master · qazbnm456/awesome-web-security
🶠Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of Web Security materials and resources for learning
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - thecybertix/One-Liner-Collections: This Repositories contains list of One Liners with Descriptions and Installation requirements
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.
GitHub - ReAbout/web-sec: WEB安全手册(çº¢é˜Ÿå®‰å…¨æŠ€èƒ½æ ˆ),æ¼æ´žç†è§£ï¼Œæ¼æ´žåˆ©ç”¨ï¼Œä»£ç 审计和渗é€æµ‹è¯•æ€»ç»“。ã€æŒç»æ›´æ–°ã€‘
Pen-Testing Salesforce Apps: Part 2 (Fuzz & Exploit)
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
GitHub - wonda-tea-coffee/security-tips
BSCP攻略ãƒãƒ¼ãƒˆã‚·ãƒ¼ãƒˆ
GitHub - sobinge/shadow2: æ¸—é€ è¶…å…¨é¢çš„渗é€èµ„料💯 包å«ï¼š0day,xss,sql注入,ææƒâ€¦â€¦
GitHub - twseptian/oneliner-bugbounty: oneliner commands for bug bounties
GitHub - CorrieOnly/google-dorks
GitHub - Vanshal/Bug-Hunting: The aim of this Reposiotry is to Provide the Resoursces of Learning at one place For Bug Bounty Hunters.
The Bug Hunter's Methodology 2.0
How To Shot Web - Jason Haddix's talk from DEFCON23
GOOGLE HACKING / DORKING
GitHub - Y000o/sql_injection_basic
GitHub - vavkamil/awesome-bugbounty-tools: A curated list of various bug bounty tools
{{#tags}}- {{label}}
{{/tags}}