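","https://i-blog.csdnimg.cn/direct/3c08c500c4f84d27849cf220c5c99ade.png","1849919734368178178","Suckerbin","https://profile-avatar.csdnimg.cn/499b41b9371c41cebde76c5b9e49939b_zhongyuekang820.jpg",[306,309,310,311],{"id":307,"name":308},50,"Notes",{"id":65,"name":66},{"id":68,"name":69},{"id":5,"name":6},1760508355000,{"id":314,"title":315,"description":316,"imgUrl":251,"views":16,"ownerId":317,"ownerName":318,"ownerHeadUrl":319,"tagList":320,"time":330},"1978324116647247874","JWT Vulnerabilities Fully Explained: From Principles to Practice","For a red team in HuWang (护网) exercises, JWT (JSON Web Token) vulnerabilities are a vulnerability class that is very easily overlooked in penetration testing yet has significant impact: they bear directly on authentication and access control, and once a vulnerability exists, an attacker can forge a token for any user (such as an administrator), bypass login verification, and move laterally into internal network systems. In an SRC (Security Response Center), JWT vulnerabilities are often rated medium-to-high severity (or even critical), with low discovery cost and a short verification cycle; in HuWang exercises, JWT vulnerabilities are a key breakthrough point for “quickly taking over the back end and obtaining core privileges”. Starting from the underlying principles of JWT, this article breaks down vulnerability types, discovery methods, and core tools and, drawing on real SRC and HuWang cases, explains how red teams","1975143076248223745","white-persist","https://profile-avatar.csdnimg.cn/default.jpg",[321,324,325,326,327,328,329],{"id":322,"name":323},14,"Front end",{"id":48,"name":49},{"id":225,"name":226},{"id":65,"name":66},{"id":68,"name":69},{"id":5,"name":6},{"id":231,"name":232},1760504199000,{"id":332,"title":333,"description":334,"imgUrl":335,"views":191,"ownerId":336,"ownerName":337,"ownerHeadUrl":338,"tagList":339,"time":347},"1978283066763313154","Attack-Defense World (攻防世界)-Web-unseping","1. PHP deserialization 2. Command-execution bypass. Opening the site shows PHP code to audit. In summary: the ctf data is received via POST, with method set to ping and the argument being the command to execute, bypassing the WAF.","https://i-blog.csdnimg.cn/direct/d039c9247d2743788704876e9f1ab1af.png","1941319725748891650","unable code","https://i-avatar.csdnimg.cn/c6e170eeacc64dc590825394cabdfc39_2301_80797059.jpg",[340,341,344],{"id":5,"name":6},{"id":342,"name":343},1220,"web",{"id":345,"name":346},2041,"ctf",1760494412000,{"id":349,"title":350,"description":351,"imgUrl":352,"views":16,"ownerId":353,"ownerName":354,"ownerHeadUrl":355,"tagList":356,"time":358},"1978254406924697601","DaMi CMS (大米CMS) Payment Vulnerability Reproduction Report","PHPstudy (Xiaopi panel) Burp 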
Suite (packet-capture tool) DaMi CMS version 5.4 user:admin666","https://i-blog.csdnimg.cn/direct/d1cce0d1819e41b787421e176d883ebb.png","1930114094442524674","Cyyyy_g","https://i-avatar.csdnimg.cn/f4004348de8546e7abf35f1e39ce8c67_Cyyyy_g.jpg",[357],{"id":5,"name":6},1760487579000,{"id":360,"title":361,"description":362,"imgUrl":363,"views":16,"ownerId":364,"ownerName":365,"ownerHeadUrl":366,"tagList":367,"time":374},"1978100191296290818","Apache2","1: Concept. Commonly called Apache, it is the world's most popular open-source web server software, responsible for receiving users' HTTP requests and returning the corresponding content","https://i-blog.csdnimg.cn/direct/d54c69c0c2cc49ccaab0585644ca8540.png","1918619072787501057","Le_ee","https://i-avatar.csdnimg.cn/6007b84c54e14256a95cfcf5699c0622_2403_88102829.jpg",[368,369,370,373],{"id":45,"name":46},{"id":5,"name":6},{"id":371,"name":372},553,"apache",{"id":342,"name":343},1760450811000,{"id":376,"title":377,"description":378,"imgUrl":379,"views":380,"ownerId":381,"ownerName":382,"ownerHeadUrl":383,"tagList":384,"time":390},"1978055559455768577","2025 “Yangcheng Cup” Cybersecurity Competition Online Preliminary Round (WriteUp)","Provided PHP source: Exp: log in with the weak credentials guest/guest. Exp: the core is forging a token using a leaked JWT key, uploading a malicious file via path traversal, and server-side template injection (SSTI)","https://i-blog.csdnimg.cn/direct/ac723d587bdb4ed1b5d8a9986eef7441.png",63,"1957716271142842370","小张的博客之旅","https://i-avatar.csdnimg.cn/e49d6ce60bcc4365b894a9bbb8e4cbdf_2401_87471430.jpg",[385,386,389],{"id":225,"name":226},{"id":387,"name":388},84,"Learning",{"id":5,"name":6},1760440170000,"2373831",true,["Reactive",394],{"$sisPC2":395},false,["Set"],["ShallowReactive",398],{"KoELoR-VMpikMPJp97vzmVENLp6AUOjhjsw17FtXlJs":-1,"Yqw3r1h8JY1sLbax3kmGsx-jqdBigo0WI5pzZNxls-o":-1,"i-atldP1vQn6trzmwAlEy_7v7CEjp_jG1K0UPqbo85o":-1},"/tag/154"]