Explore the common attack methods on GraphQL APIs and learn about securing your system with best practices. Discover how to protect against vulnerabilities in t

This article details an interesting experience of discovering a file upload vulnerability during an OA system penetration test. It covers the process from initi

本文详细记录了一次对X道CMS v20.1.1版本的源码审计过程，包括上传文档功能中的SQL注入漏洞利用方法。通过Burpsuite抓包和表单数据处理等技术手段进行分析，旨在帮助读者理解代码审计流程及常见...

本文详细探讨了关于API接口利用的关键点，包括微信公众号AppID+AppSecert、小程序Appid+AppSecert和高德地图ApiKey的利用方法与风险。

Discover how to retrieve a Telegram user's IP address using the STUN protocol. Learn about voice call-based IP extraction techniques and follow step-by-step ins

了解Electron框架中的投毒技术及其原理，通过Typeora案例展示如何在ASAR文件中植入恶意代码。适用于网络安全、技术研究领域专业人士学习参考。

本文详细介绍了通过任意文件读取漏洞结合条件竞争技术获取shell的过程。作者Notadmin分享了具体的技术细节和实操步骤，适合安全研究人员学习参考。

This article details a red and blue cybersecurity drill experience, focusing on information gathering techniques, exploiting vulnerabilities such as FastAdmin R

本文详细探讨了使用Vista 2022进行蓝队简易反钓鱼的策略，包括通过IP查找、特殊文件名和启动项检查等方法筛选可疑进程。同时提供了获取所有进程IP连接的技术实现方式。

Learn how to use PyExecJS library to automate the process of decrypting frontend encrypted content during penetration testing. This guide covers the steps from

Learn how to identify weak points in school websites using tools like Tengine and extract valuable sensitive information. This article details the process of as