• Bookmarks
  • WebSites
    • WAF
      • waf-bypass-techniques-using-http-standard-and-web-servers-behaviour
      • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
      • Cloudflare's handling of a bug in interpreting IPv4-mapped IPv6 addresses
      • exploiting-http-parsers-inconsistencies
      • UTF-8 Overlong Encoding
    • OAuth
      • hidden-oauth-attack-vectors
    • Race Conditions
      • Smashing the state machine: the true potential of web race conditions
    • Cache Attack
      • Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
    • SQL Inject
      • apache-pinot-sqli-rce
    • WSGI
      • A New Vector For “Dirty” Arbitrary File Write to RCE
    • gRPC
      • gRPC Basic
    • JAVA
      • jetty-features-for-hacking-web-apps
      • design-patterns-java
      • Java即时编译器原理解析及实践
      • Java线程池实现原理
      • Java 动态调试技术原理及实践
      • 字节码增强技术探索
      • Java动态追踪技术探究
      • Java魔法类：Unsafe应用解析
      • MyBatis缓存机制
      • Bypassing OGNL sandboxes for fun and charities
      • look-mama-no-templatesimpl
      • 一次实战不出网fastjson1.2.31
      • 美团RASP大规模研发部署实践总结
      • Mybatis OGNL表达式注入
      • 当Nashorn失去括号：非典型Java命令执行绕过
    • XXE
      • exploiting-xxe-with-local-dtd-files
      • xxe+jar协议缓存实现命令执行
    • SSRF
      • SSRF vulnerabilities caused by SNI proxy misconfigurations
      • SSRF Cross Protocol Redirect Bypass
      • PDF Export SSRF
      • finding-ssrf-via-html-injection-inside-a-pdf-file
      • SSRF on a Headless Browser Becomes Critical!
      • Digging for SSRF in NextJS apps
    • XSS
      • 如何防止XSS攻击？
      • 浅谈React框架的XSS及后利用
    • CSRF
      • CSRF 漏洞的末日？关于 Cookie SameSite 那些你不得不知道的事
    • ESI Injection
      • Beyond XSS: Edge Side Include Injection
      • esi-injection-part-2-abusing-specific-implementations
      • Exploring the World of ESI Injection
    • PHP
      • PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT
      • persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html
    • CORS
      • Think Outside the Scope: Advanced CORS Exploitation Techniques
    • DNS
      • Melting the DNS Iceberg: Taking over your infrastructuredds Kaminsky style
      • guide-to-dns-takeovers
    • JavaScript
      • Prototype pollution – and bypassing client-side HTML sanitizers
    • BugBounty
      • $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty
  • PDF
    • 对基于Git的版本控制服务的通用攻击面的探索
    • 自动化API漏洞Fuzz实战【KCon2022】
    • Hacking JSON
    • Magic in RASP-attack and defense【KCon2022】
    • tabby java code review like a pro【KCon2022】
    • A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages
    • us-17-Munoz-Friday-The-13th-JSON-Attacks-wp
    • us-17-Gil-Web-Cache-Deception-Attack-wp
    • Bug Bounty on Steroids
    • What is SSRF and how to Detect them on Web Application
    • BCS2022-探索JNDI攻击
    • AS-23-Yuanzhen-A-new-attack-interface-in-Java
    • 浅谈saas产品攻防
    • D1T2 - Make JDBC Attacks Brilliant Again - Xu Yuanzhen & Chen Hongkun
    • derbyRCE利用
    • openrasp php 浅谈
    • tomcat下的文件上传RCE姿势
    • JavaScript_prototype_pollution_attack_in_NodeJS
    • Java表达式攻防下的黑魔法
    • Magic In Java Api
    • Hacking Spring
    • HTTP Request Splitting

Bookmarks

一些随手存的文章和pdf

WebSites

WAF

waf-bypass-techniques-using-http-standard-and-web-servers-behaviour

Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

Cloudflare's handling of a bug in interpreting IPv4-mapped IPv6 addresses

exploiting-http-parsers-inconsistencies

UTF-8 Overlong Encoding

OAuth

hidden-oauth-attack-vectors

Race Conditions

Smashing the state machine: the true potential of web race conditions

Cache Attack

Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)

SQL Inject

apache-pinot-sqli-rce

WSGI

A New Vector For “Dirty” Arbitrary File Write to RCE

gRPC

gRPC Basic

JAVA

jetty-features-for-hacking-web-apps

design-patterns-java

Java即时编译器原理解析及实践

Java线程池实现原理

Java 动态调试技术原理及实践

字节码增强技术探索

Java动态追踪技术探究

Java魔法类：Unsafe应用解析

MyBatis缓存机制

Bypassing OGNL sandboxes for fun and charities

look-mama-no-templatesimpl

一次实战不出网fastjson1.2.31

美团RASP大规模研发部署实践总结

Mybatis OGNL表达式注入

当Nashorn失去括号：非典型Java命令执行绕过

XXE

exploiting-xxe-with-local-dtd-files

xxe+jar协议缓存实现命令执行

SSRF

SSRF vulnerabilities caused by SNI proxy misconfigurations

SSRF Cross Protocol Redirect Bypass

PDF Export SSRF

finding-ssrf-via-html-injection-inside-a-pdf-file

SSRF on a Headless Browser Becomes Critical!

Digging for SSRF in NextJS apps

XSS

如何防止XSS攻击？

浅谈React框架的XSS及后利用

CSRF

CSRF 漏洞的末日？关于 Cookie SameSite 那些你不得不知道的事

ESI Injection

Beyond XSS: Edge Side Include Injection

esi-injection-part-2-abusing-specific-implementations

Exploring the World of ESI Injection

PHP

PHP FILTERS CHAIN: WHAT IS IT AND HOW TO USE IT

persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html

CORS

Think Outside the Scope: Advanced CORS Exploitation Techniques

DNS

Melting the DNS Iceberg: Taking over your infrastructuredds Kaminsky style

guide-to-dns-takeovers

JavaScript

Prototype pollution – and bypassing client-side HTML sanitizers

BugBounty

$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty

PDF

对基于Git的版本控制服务的通用攻击面的探索

自动化API漏洞Fuzz实战【KCon2022】

Hacking JSON

Magic in RASP-attack and defense【KCon2022】

tabby java code review like a pro【KCon2022】

A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages

us-17-Munoz-Friday-The-13th-JSON-Attacks-wp

us-17-Gil-Web-Cache-Deception-Attack-wp

Bug Bounty on Steroids

What is SSRF and how to Detect them on Web Application

BCS2022-探索JNDI攻击

AS-23-Yuanzhen-A-new-attack-interface-in-Java

浅谈saas产品攻防

D1T2 - Make JDBC Attacks Brilliant Again - Xu Yuanzhen & Chen Hongkun

derbyRCE利用

openrasp php 浅谈

tomcat下的文件上传RCE姿势

JavaScript_prototype_pollution_attack_in_NodeJS

Java表达式攻防下的黑魔法

Magic In Java Api

Hacking Spring

HTTP Request Splitting