先来介绍一下bwapp
bwapp是一款非常好用的漏洞演示平台,包含有100多个漏洞
SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP,
PHP Code, Host Header and SMTP injections
Authentication, authorization and session management issues
Malicious, unrestricted file uploads and backdoor files
Arbitrary file access and directory traversals
Heartbleed and Shellshock vulnerability
Local and remote file inclusions (LFI/RFI)
Server Side Request Forgery (SSRF)
Configuration issues: Man-in-the-Middle, Cross-Domain policy file,
FTP, SNMP, WebDAV, information disclosures,...
HTTP parameter pollution and HTTP response splitting
XML External Entity attacks (XXE)
HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS)
and web storage issues
Drupal, phpMyAdmin and SQLite issues
Unvalidated redirects and forwards
Denial-of-Service (DoS) attacks
Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and
Cross-Site Request Forgery (CSRF)
AJAX and Web Services issues (JSON/XML/SOAP)
Parameter tampering and cookie
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
