常见漏洞总结归纳自学路线图
SQL注入漏洞
https://portswigger.net/web-security/sql-injectionhttps://portswigger.net/web-security/all-labs#sql-injectionhttps://github.com/Audi-1/sqli-labshttps://github.com/sqlmapproject/sqlmaphttps://www.acunetix.com/websitesecurity/sql-injection/
目录遍历漏洞
https://portswigger.net/web-security/file-path-traversalhttps://portswigger.net/web-security/all-labs#path-traversal
命令执行漏洞
https://portswigger.net/web-security/os-command-injectionhttps://portswigger.net/web-security/all-labs#os-command-injection
暴力猜解漏洞
https://portswigger.net/web-security/logic-flawshttps://portswigger.net/web-security/all-labs#business-logic-vulnerabilities
信息泄露漏洞
https://portswigger.net/web-security/information-disclosurehttps://portswigger.net/web-security/all-labs#information-disclosure
越权漏洞
https://portswigger.net/web-security/access-controlhttps://portswigger.net/web-security/access-control/security-models
文件上传漏洞
https://portswigger.net/web-security/file-uploadhttps://portswigger.net/web-security/all-labs#file-upload-vulnerabilitieshttps://github.com/c0ny1/upload-labs
竞争条件漏洞
https://portswigger.net/web-security/race-conditionshttps://portswigger.net/web-security/all-labs#race-conditions
SSRF服务器端请求伪造漏洞
https://portswigger.net/web-security/ssrfhttps://portswigger.net/web-security/all-labs#server-side-request-forgery-ssrf
XXE(XML实体注入)漏洞
https://portswigger.net/web-security/xxehttps://github.com/c0ny1/xxe-lab
XSS跨站脚本攻击漏洞
https://portswigger.net/web-security/cross-site-scriptinghttps://portswigger.net/web-security/all-labs#cross-site-scriptinghttps://www.acunetix.com/websitesecurity/cross-site-scripting/
CSRF跨站请求伪造漏洞
https://portswigger.net/web-security/csrfhttps://portswigger.net/web-security/all-labs#cross-site-request-forgery-csrf
CORS跨域资源读取漏洞
https://portswigger.net/web-security/corshttps://portswigger.net/web-security/all-labs#cross-origin-resource-sharing-cors
点击劫持
https://portswigger.net/web-security/clickjackinghttps://portswigger.net/web-security/all-labs#clickjacking
Web LLM attacks大模型攻击
https://portswigger.net/web-security/llm-attackshttps://portswigger.net/web-security/all-labs#web-llm-attackshttps://mp.weixin.qq.com/mp/appmsgalbum?__biz=Mzg2NzY0MzM3Ng==&action=getalbum&album_id=3312413957536366597&scene=173&subscene=227&sessionid=1713083860&enterid=1713083865&from_msgid=2247483997&from_itemidx=1&count=3&nolastread=1#wechat_redirect
Host Header Attack host头攻击漏洞
https://portswigger.net/web-security/host-headerhttps://portswigger.net/web-security/all-labs#http-host-header-attacks
原文始发于微信公众号(利刃信安):【漏洞总结】常见漏洞总结归纳自学路线图
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论