- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 60 words
- 2021-07-16 17:53:16
Payload
The XSS snippet we used to successfully execute JavaScript will go here. In the case of SQLi, a successful password attack, or any number of other payload-based attacks, that payload data would be required as well. If you come across multiple payload types in one discovery, mention as many as are needed to illustrate the general sanitization rules being misapplied:
<a onmouseover="alert(document.cookie)">xxs link</a>
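To show what "sanitization rules being misapplied" means for this payload, the following added example (not from the book) renders it through a hypothetical script-tag blocklist and through HTML output encoding, then parses the result for markup that would still be active. The function names, the `comment` template and the second sample input are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Payload quoted from the report section above.
REPORTED = '<a onmouseover="alert(document.cookie)">xxs link</a>'
# Constructed second sample: the tag type a blocklist usually targets.
SCRIPT_SAMPLE = '<script>alert(1)</script>'


def strip_script_tags(value):
    """Hypothetical misapplied rule: remove <script> elements, keep the rest."""
    return re.sub(r"(?is)<script\b.*?</script\s*>", "", value)


def encode_for_html_body(value):
    """Corrected rule: encode the value for the HTML context it lands in."""
    return html.escape(value, quote=True)


def render(comment, sanitizer):
    """Hypothetical template that places user input inside element content."""
    return '<div class="comment">' + sanitizer(comment) + '</div>'


class ActiveMarkupFinder(HTMLParser):
    """Records script elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        for name, _value in attrs:
            if name.startswith("on"):  # onmouseover, onclick, onerror, ...
                self.findings.append(tag + "@" + name)


def active_markup(rendered):
    """Return the active constructs a browser would see in rendered HTML."""
    finder = ActiveMarkupFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for rule in (strip_script_tags, encode_for_html_body):
        for sample in (SCRIPT_SAMPLE, REPORTED):
            print(rule.__name__, repr(sample), active_markup(render(sample, rule)))
```

The blocklist clears the `<script>` sample but leaves the `onmouseover` handler from the reported payload intact, while output encoding neutralizes both, which is the distinction a report's payload section should make visible to the team fixing the bug.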