Explore the security vulnerability of an electric arcade app's WeChat one-click login feature. Discover how to exploit it by accessing shared preferences and ex

本文详细记录了一次攻防演练中的关键步骤，包括搭建VPN和利用Redis未授权漏洞获取服务器root权限。了解边界设备配置及安全策略，掌握实战技术。

Explore common login logic vulnerabilities such as weak passwords, brute force attacks, and CAPTCHA bypass. Discover practical solutions to enhance web applicat

了解实战中各种SQL注入绕过方法，包括%00绕过、Base64绕WAF、Emoji绕过等技术。

Explore the unusual 403 bypass technique used in a recent penetration test on redacted.com. Learn how changing case sensitivity led to gaining access to the adm

This article discusses the audit of vulnerabilities in a mini Taobao platform built with Spring Boot. It focuses on identifying issues related to Fastjson comma

This article discusses a vulnerability test conducted on a school’s award submission platform. It covers issues such as privilege escalation, file upload and do

本文详细记录了一次利用XSS读取源码和NoSQL注入进行渗透测试的过程，包括XSS漏洞发现、XMLRequest发起ajax请求以及NoSQL注入的应用。了解如何通过这些技术突破安全防线，提高网络安全防护能力。

本文详细记录了一次对某菠菜网站的简单测试，包括弱口令、SQL注入和MSSQL提权等安全测试过程。通过实战案例解析如何进行有效的渗透测试，并分享相关技巧与工具。

Explore four real-life vulnerability discovery cases including storage process SQL injection and SSRF. Learn practical techniques for identifying and exploiting

本文分享了一次成功的渗透测试案例，详细解析了如何绕过前端验证和后端缺陷。通过实际操作，展示了在未授权情况下获取用户信息的方法和技术细节。

了解EHole和BBScan的实战应用，学习如何通过资产测绘和敏感信息挖掘提升网络安全防护。掌握外网打点与高价值资产挖掘技巧，为红队攻防提供有力支持。