","https://i-blog.csdnimg.cn/direct/3c08c500c4f84d27849cf220c5c99ade.png","1849919734368178178","Suckerbin","https://profile-avatar.csdnimg.cn/499b41b9371c41cebde76c5b9e49939b_zhongyuekang820.jpg",[109,112,113,114],{"id":110,"name":111},50,"笔记",{"id":22,"name":23},{"id":7,"name":8},{"id":115,"name":116},154,"网络安全",1760508355000,{"id":119,"title":120,"description":121,"imgUrl":90,"views":34,"ownerId":122,"ownerName":123,"ownerHeadUrl":53,"tagList":124,"time":136},"1978324116647247874","JWT 漏洞全解析:从原理到实战","作为护网红队,JWT(JSON Web Token)漏洞是渗透测试中极易被忽视却危害显著的漏洞类型 —— 它直接关联身份认证与权限控制,一旦存在漏洞,攻击者可伪造任意用户 Token(如管理员)、绕过登录验证、横向渗透内网系统。在 SRC(安全响应中心)中,JWT 漏洞常被评为中高危(甚至严重),且挖掘成本低、验证周期短;在护网行动中,JWT 漏洞更是 “快速拿下后台、获取核心权限” 的关键突破口。本文将从 JWT 的本质原理出发,拆解漏洞类型、挖掘方法、核心工具,结合 SRC 与护网实战案例,阐述红队如","1975143076248223745","white-persist",[125,128,129,130,131,132,133],{"id":126,"name":127},14,"前端",{"id":56,"name":57},{"id":59,"name":60},{"id":22,"name":23},{"id":7,"name":8},{"id":115,"name":116},{"id":134,"name":135},444,"系统安全",1760504199000,{"id":138,"title":139,"description":140,"imgUrl":141,"views":34,"ownerId":142,"ownerName":143,"ownerHeadUrl":144,"tagList":145,"time":154},"1978263319900389378","文章管理系统CMS的XSS注入渗透测试(白盒)","存储型XSS漏洞一般出现在博客留言、文章评论等地方,这里使用文章管理系统CMS的留言板功能尝试复现一下,最终提取到管理员cookie从而实现登录绕过。","https://i-blog.csdnimg.cn/direct/6b9ad1839abe4fa8bbf98e97a9a02fa5.png","1754936714314387458","lifejump","https://file.jishuzhan.net/user/1754936714314387458/head.webp",[146,147,148,151],{"id":126,"name":127},{"id":7,"name":8},{"id":149,"name":150},2331,"xss",{"id":152,"name":153},3986,"安全性测试",1760489704000,{"id":156,"title":157,"description":158,"imgUrl":90,"views":34,"ownerId":159,"ownerName":160,"ownerHeadUrl":161,"tagList":162,"time":165},"1978124257797406721","网络安全概念之网闸&防火墙AI版","防火墙:在连通的网络之间进行访问控制。网闸:在物理隔离的网络之间进行数据交换。防火墙:像你家的防盗门和猫眼。你可以通过猫眼(规则)判断谁可以进来,但门始终是存在的,如果小偷技术高超或你误判了,他依然能进来。","1816435729329295362","不像程序员的程序媛","https://profile-avatar.csdnimg.cn/329599dd9cb8496f856f94aced5259ff_hnzhoujunmei.jpg",[163,164],{"id":22,"name":23},{"id":7,"name":8},1760456549000,{"id":167,"title":168,"description":169,"imgUrl":90,"views":34,"ownerId":170,"ownerName":171,"ownerHeadUrl":172,"tagList":173,"time":175},"1977979084316672002","纵深防御——文件上传漏洞","前端检测:主要用于提升用户体验,快速给出反馈,减少无效请求对服务器的压力。绝对不可作为安全依赖,因为可以轻易被绕过。","1971017402252574721","Never_z&y","https://i-avatar.csdnimg.cn/a54cd79e2bc4427a98cf5d08be035b76_m0_67212501.jpg",[174],{"id":7,"name":8},1760421937000,{"id":177,"title":178,"description":179,"imgUrl":90,"views":34,"ownerId":180,"ownerName":181,"ownerHeadUrl":182,"tagList":183,"time":191},"1977951137820114946","HTTP与HTTPS:从明文到加密的Web安全革命","在我们每天打开浏览器、访问网站的过程中,有两个协议始终在幕后默默工作 ——HTTP 与 HTTPS。它们是 Web 世界的 “交通规则”,决定了浏览器与服务器之间如何传递数据。但你是否好奇:为什么有些网址开头是 “http://”,有些却是 “https://”?后者的小绿锁图标意味着什么?本文将从协议本质、工作原理、安全差异到实际应用,带你全面理解 HTTP 与 HTTPS。","1972897038682619905","K_i134","https://i-avatar.csdnimg.cn/99547e64791a4622859a2ccd3c0858b2.jpg",[184,185,188],{"id":7,"name":8},{"id":186,"name":187},127,"http",{"id":189,"name":190},246,"https",1760415274000,{"id":193,"title":194,"description":195,"imgUrl":90,"views":196,"ownerId":197,"ownerName":198,"ownerHeadUrl":53,"tagList":199,"time":202},"1977909559709728769","网络安全等级测评师能力评估样卷及答案","A. 6 B.5 C. 4 D. 3 26. 依据《信息安全技术 网络安全等级保护基本要求》(GB/T 22239-2019),第二级网络安全管理制度包括 ( )个控制点。 A. 6 B.5 C. 4 D. 3 27. 对于与互联网物理隔离的内网环境,下列哪种攻击方式最为有效? A. 端口扫描 B. 目录遍历 C. 拒绝服务 D. 摆渡木马 28. 关于远程代码执行(RCE)漏洞,以下错误的是( )。 A. 远程代码执行漏洞允许攻击者在目标系统上执行任意命令或代码 B. 反序列化漏洞是导致远程代码执行的常",9,"1874406516870615041","huluang",[200,201],{"id":22,"name":23},{"id":7,"name":8},1760405361000,{"id":204,"title":205,"description":48,"imgUrl":49,"views":50,"ownerId":51,"ownerName":52,"ownerHeadUrl":53,"tagList":206,"time":214},"1977895245057687554","2025年渗透测试面试题总结-105(题目+回答)",[207,208,209,210,211,212,213],{"id":56,"name":57},{"id":59,"name":60},{"id":22,"name":23},{"id":7,"name":8},{"id":64,"name":65},{"id":67,"name":68},{"id":70,"name":71},1760401948000,{"id":216,"title":217,"description":218,"imgUrl":90,"views":219,"ownerId":220,"ownerName":221,"ownerHeadUrl":222,"tagList":223,"time":229},"1977735173346230273","SQLMap常用命令指南(参数及其用法)","SQLMap 是一款开源的自动化 SQL 注入工具,广泛应用于检测和利用 Web 应用程序的 SQL 注入漏洞。它支持多种数据库类型(如 MySQL、PostgreSQL、MSSQL、Oracle 等),并提供了丰富的参数以应对各种注入场景。",11,"1927944221672198145","lubiii_","https://profile-avatar.csdnimg.cn/d75290b59be74bb49dfbdbca3b20dded_lubiii_.jpg",[224,227,228],{"id":225,"name":226},59,"sql",{"id":7,"name":8},{"id":115,"name":116},1760363784000,{"id":231,"title":232,"description":233,"imgUrl":234,"views":34,"ownerId":235,"ownerName":236,"ownerHeadUrl":237,"tagList":238,"time":247},"1977396995141730306","CTF攻防世界WEB精选基础入门:command_execution","如果 ping 命令不正确地处理其输入参数,就可能存在被攻击者利用来运行危险的命令的风险。 例如,如果在 ping 命令中使用了一个长度超过其预期的输入参数,则可能会导致该命令出现缓冲区溢出漏洞。","https://img-blog.csdnimg.cn/1a0c531ff83b42c6af11084adebbcfec.png","1970856164830789634","风语者日志","https://i-avatar.csdnimg.cn/a4d3725bf3cf4d5d8f0afc59252df909_weixin_46417756.jpg",[239,240,241,244],{"id":7,"name":8},{"id":115,"name":116},{"id":242,"name":243},2041,"ctf",{"id":245,"name":246},103889,"小白入门",1760283156000,{"id":249,"title":250,"description":251,"imgUrl":90,"views":50,"ownerId":252,"ownerName":253,"ownerHeadUrl":53,"tagList":254,"time":256},"1977367781843730434","网安面试题收集(2)","考察点: Web漏洞原理、输入验证、安全编码 参考答案:原理: 攻击者通过在输入字段中插入恶意 SQL 语句,使应用程序在数据库中执行未预期的查询或命令。 例如:","1958425167406870529","witkey_ak9896",[255],{"id":7,"name":8},1760276191000,{"id":258,"title":259,"description":260,"imgUrl":90,"views":261,"ownerId":122,"ownerName":123,"ownerHeadUrl":53,"tagList":262,"time":274},"1977330238460854273","XXE 注入漏洞全解析:从原理到实战","XXE(XML External Entity Injection,XML 外部实体注入)是一种常被低估却极具杀伤力的漏洞 —— 它通过滥用 XML 解析器对外部实体的处理机制,可实现读取本地文件、探测内网、攻击后端系统等深度渗透效果。本文将从 XXE 的核心原理出发,系统梳理其分类、payload 构造、SRC 挖掘策略,重点解析在实战与护网中如何利用 XXE 突破边界,并结合真实案例阐述攻击链路,帮助读者建立从 “漏洞发现” 到 “实战利用” 的完整认知。",30,[263,266,267,268,269,270,271],{"id":264,"name":265},13,"开发语言",{"id":126,"name":127},{"id":56,"name":57},{"id":22,"name":23},{"id":7,"name":8},{"id":115,"name":116},{"id":272,"name":273},200,"信息可视化",1760267240000,{"id":276,"title":277,"description":278,"imgUrl":279,"views":34,"ownerId":280,"ownerName":281,"ownerHeadUrl":282,"tagList":283,"time":288},"1977321958632128514","1.2、网络安全攻防实验室搭建指南:VMware + Kali Linux + Win10 全流程","本文手把手教你如何基于 VMware Workstation 搭建一个隔离、安全的网络攻防实验环境,适合网络安全初学者、渗透测试学习者及实验环境搭建者。","https://i-blog.csdnimg.cn/direct/bf2edd663be94d35a3d39a51138ec51c.png","1960351451636609026","骥龙","https://i-avatar.csdnimg.cn/08a79cf6b51240dfa0e8fe54bbc6cb96_gavinxiong.jpg",[284,286,287],{"id":196,"name":285},"linux",{"id":22,"name":23},{"id":7,"name":8},1760265266000,{"id":290,"title":291,"description":292,"imgUrl":293,"views":34,"ownerId":294,"ownerName":295,"ownerHeadUrl":296,"tagList":297,"time":300},"1976994559524667394","Raven2","nmap:扫描主机存活nmap -sn 192.168.203.0/24可以看到靶机地址为192.168.203.131","https://i-blog.csdnimg.cn/img_convert/81d51e427a2a1bef19b0a7bc4e36750d.png","1911827196794175490","谈不譚网安","https://i-avatar.csdnimg.cn/20b0eca000344bb7b1203bda546a53c2_2401_88816569.jpg",[298,299],{"id":7,"name":8},{"id":115,"name":116},1760187208000,{"id":302,"title":303,"description":304,"imgUrl":305,"views":306,"ownerId":307,"ownerName":308,"ownerHeadUrl":309,"tagList":310,"time":317},"1976922229167423489","网络攻防技术:网络安全攻击概述","在数字化浪潮席卷全球的今天,网络攻击已从理论威胁演变为悬在每个人头顶的达摩克利斯之剑。1988年,互联网世界发生了首起有关安全的事件——蠕虫事件,几千台装有Unix操作系统的主机受到入侵。经过分析得知,蠕虫利用BsdUnix电子邮件程序中的一个调试后门和一个关于串处理函数的错误侵入系统。","https://i-blog.csdnimg.cn/direct/3a8a82408c7c4cd0b8e6d740f7b34ecc.png",4,"1921410870056439809","网安INF","https://i-avatar.csdnimg.cn/bd3393c02f874118860a3786884063de_2303_80022567.jpg",[311,312,313,314],{"id":22,"name":23},{"id":7,"name":8},{"id":115,"name":116},{"id":315,"name":316},34353,"网络攻防",1760169963000,"2365302",true,["Reactive",321],{"$sisPC2":322},false,["Set"],["ShallowReactive",325],{"KoELoR-VMpikMPJp97vzmVENLp6AUOjhjsw17FtXlJs":-1,"geWXP8ZXZbtMkqvmm28VofiQVBn0SBiVf_zOXBek6jY":-1,"CtCsSW6FE0jKGUZtpkwO8k9WtnWWnQ6Shu-p_0HtB4w":-1},"/tag/113"]