Discover the critical vulnerabilities of supply chains and explore advanced techniques such as heapdump leaks and unauthorized access in WeChat Mini Programs. L

Learn how to exploit JavaScript for intranet horizontal privilege escalation during a cybersecurity exercise. This guide covers techniques such as SQL injection

本文详细介绍了在公益SRC平台上进行CMS漏洞检测和利用的实战经验，涵盖准备工作、POC测试单个站点以及批量检测的方法。

本文详细讲述了如何利用Log4j漏洞进入企业内网并进行横向渗透的过程，同时展示了与管理员斗智斗勇的实际操作。

This article discusses a vulnerability test conducted on a school’s award submission platform. It covers issues such as privilege escalation, file upload and do

本文将带领您了解如何使用MT管理器和BlackDex进行APK逆向分析，探索某斗地主APP的支付机制与记牌器功能。通过具体实例解析，帮助网络安全和技术爱好者掌握关键技巧。

This article details an internal network penetration test using Spring Cloud and YSOSerial for exploiting vulnerabilities. It covers FTP anonymous login, servic

Discover how a researcher exploited Tesla's dual IDP system to perform an account takeover. Learn about the implications of using former employees' emails for u

本文总结了在安卓7及以上版本进行APP和小程序渗透测试时，如何解决证书信任问题及抓取HTTPS流量包的方法。通过使用OpenSSL工具、设置代理等步骤实现目标。

This article documents a simple penetration test on the www.target.net platform. It covers the process of information collection, discovering vulnerabilities su

本文详细解析了jsherpcms系统中的SQL注入和存储型XSS漏洞，通过具体案例展示了如何进行代码审计。

This article describes the process of discovering vulnerabilities through a sensitive information leak. Key steps include using JSFinder to identify accounts an