本文详细记录了一次利用XSS读取源码和NoSQL注入进行渗透测试的过程，包括XSS漏洞发现、XMLRequest发起ajax请求以及NoSQL注入的应用。了解如何通过这些技术突破安全防线，提高网络安全防护能力。

This article discusses a vulnerability test conducted on a school’s award submission platform. It covers issues such as privilege escalation, file upload and do

This article discusses the audit of vulnerabilities in a mini Taobao platform built with Spring Boot. It focuses on identifying issues related to Fastjson comma

Explore the unusual 403 bypass technique used in a recent penetration test on redacted.com. Learn how changing case sensitivity led to gaining access to the adm

了解实战中各种SQL注入绕过方法，包括%00绕过、Base64绕WAF、Emoji绕过等技术。

Explore common login logic vulnerabilities such as weak passwords, brute force attacks, and CAPTCHA bypass. Discover practical solutions to enhance web applicat

本文详细记录了一次攻防演练中的关键步骤，包括搭建VPN和利用Redis未授权漏洞获取服务器root权限。了解边界设备配置及安全策略，掌握实战技术。

Explore the security vulnerability of an electric arcade app's WeChat one-click login feature. Discover how to exploit it by accessing shared preferences and ex

Explore the basic concepts and processes of Java code auditing to ensure your applications are secure. Learn about different types of risks and how to identify,

本文详细记录了一次针对招Piao应用的漏洞挖掘过程，从发现系统漏洞到实现远程代码执行（RCE），并提供了详细的步骤和技术细节。

本文详细介绍了登录参数加密逆向分析的过程，包括使用Python脚本进行AES ECB模式加密解密、提取前端JS代码进行逆向分析，并可用于爆破攻击。适用于网络安全和测试技术人员学习参考。

本文详细介绍了从弱口令爆破到SQL注入，最终实现WebShell部署的过程。涵盖漏洞利用、权限提升和绕过安全防护的技术细节。