Introduction

前端

後端

瀏覽器

伺服器

一些奇奇怪怪的洩漏

F12 :D

Githack ?

HTTP

packet ?

GET

POST

題目  :D

Repeater !!

Proxy?

CA 卡(X

Cookie ?

題目  :D

Injection

sql injection?

• SQL
• 資料庫百掰
• 管理員百掰

SQL injection

SELECT * FROM users WHERE username = 'administrator' AND password = 'ckeisc'

SELECT * FROM users WHERE username = 'administrator'-- ' AND password = 'ckeisc'

SQL injection

--

/*   */

#

Blind SQL injection

TrackingId=xyz' AND (SELECT SUBSTRING(password,1,1) FROM users WHERE username='administrator')='a

暴力破解(O)

Blind SQL injection

Delay

alert

error

Intruder !!

XSS

XSS?

• HTML、JS
• 跨站攻擊
• cookie

來玩個遊戲 :D

Resources