Excerpted from 《赛棍》
A collection of references and files, organized by category for quick lookup.
# SQL injection
https://github.com/r0oth3x49/ghauri
https://websec.readthedocs.io/zh/latest/vuln/sql/index.html
https://book.hacktricks.xyz/pentesting-web/sql-injection
# SSTI
https://tttang.com/archive/1698/
https://github.com/Marven11/Fenjing/tree/main
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
# NodeJS
https://xz.aliyun.com/t/11791
https://www.leavesongs.com/PENETRATION/javascript-prototype-pollution-attack.html
# RCE
https://www.leavesongs.com/PENETRATION/webshell-without-alphanum-advanced.html
https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html
# Include
https://www.gem-love.com/2022/06/26/文件包含的几种不常规利用姿势/
https://xiaolong22333.top/archives/212/
https://www.freebuf.com/vuls/202819.html
# UPLOAD