节选自《赛棍》
收集一些资料、文件,分类取用
# SQL injection
https://github.com/r0oth3x49/ghauri
https://websec.readthedocs.io/zh/latest/vuln/sql/index.html
https://book.hacktricks.xyz/pentesting-web/sql-injection
mysql8.pdf
SQL%E6%B3%A8%E5%85%A5%E4%B8%80%E5%91%BD%E9%80%9A%E5%85%B3%21__fushuling%E3%81%AEblog.pdf
# SSTI
https://tttang.com/archive/1698/
https://github.com/Marven11/Fenjing/tree/main
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
# NodeJS
https://xz.aliyun.com/t/11791
https://www.leavesongs.com/PENETRATION/javascript-prototype-pollution-attack.html
# RCE
https://www.leavesongs.com/PENETRATION/webshell-without-alphanum-advanced.html
https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html
%E5%88%A9%E7%94%A8shell%E8%84%9A%E6%9C%AC%E5%8F%98%E9%87%8F%E6%9E%84%E9%80%A0%E6%97%A0%E5%AD%97%E6%AF%8D%E6%95%B0%E5%AD%97%E5%91%BD%E4%BB%A4__fushuling%E3%81%AEblog.pdf
%E6%97%A0%E5%AD%97%E6%AF%8D%E6%95%B0%E5%AD%97%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E9%BB%91%E9%AD%94%E6%B3%95shell%E8%84%9A%E6%9C%AC%E5%8F%98%E9%87%8F__fushuling%E3%81%AEblog.pdf
%E6%9D%A5%E8%87%AA%E5%B0%8F%E5%AF%86%E5%9C%88%E9%87%8C%E7%9A%84%E9%82%A3%E4%BA%9B%E5%A5%87%E6%8A%80%E6%B7%AB%E5%B7%A7.pdf
# Include
https://www.gem-love.com/2022/06/26 / 文件包含的几种不常规利用姿势 /
CTF%E4%B8%AD%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E7%9A%84%E5%87%A0%E7%A7%8D%E4%B8%8D%E5%B8%B8%E8%A7%84%E5%88%A9%E7%94%A8%E5%A7%BF%E5%8A%BF%E6%80%BB%E7%BB%93___%E9%A2%96%E5%A5%87LAmore.pdf
https://xiaolong22333.top/archives/212/
https://www.freebuf.com/vuls/202819.html
%E5%88%A9%E7%94%A8session.upload_progress%E8%BF%9B%E8%A1%8C%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E5%92%8C%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%B8%97%E9%80%8F_-_FreeBuf%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E8%A1%8C%E4%B8%9A%E9%97%A8%E6%88%B7.pdf
data_media_attachment_b0e6b76e-dade-4096-976f-cabfad855bf2.pdf
data_media_attachment_16e6902c-a5b0-48a6-b5e5-38404c7d3dc0.pdf
UPLOAD
