当前位置:网站首页>Brute force of DVWA low -- > High

Brute force of DVWA low -- > High

2022-04-23 14:46:00 @Diandian 123

DVWA Violent cracking of (Brute Force)Low–>high

low-level (low)

Scene construction

 Insert picture description here

Burpsuit Intercept analysis

 Insert picture description here
 Insert picture description here

 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here

intermediate (Medium)

Scene construction

 Insert picture description here

Burpsuite Intercept analysis

 Insert picture description here
 Insert picture description here
 Insert picture description here

 Insert picture description here
 Insert picture description here
 Insert picture description here

senior (High)

Scene construction

 Insert picture description here

Brupsuite Intercept analysis

 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here
 Insert picture description here

impossible (Impossible)

Scene construction

 Insert picture description here

The code analysis

 Insert picture description here
 Insert picture description here
You can see Impossible Level code adds a reliable explosion-proof breaking mechanism , When frequent login errors are detected , The system will lock the account , The blasting can't continue .
At the same time, a safer PDO(PHP Data Object) Mechanism defense sql Inject , This is because... Cannot be used PDO The extension itself performs any database operations , and sql The key to injection is through destruction sql The statement structure executes malicious sql command .

版权声明
本文为[@Diandian 123]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231425123626.html