Basic SQL Grammar for Successful SQL Injection Attacks
crehacktive
The basic steps to learn SQL injection attacks, the flower of web hacking! This is a lecture on basic SQL grammar!
Basic
SQL, Penetration Testing, MySQL
File Upload Vulnerability Advanced Attack Techniques PART 2 [Integrated Edition]
The ultimate boss of web hacking! File upload vulnerability attack techniques! Following Part 1, this Part 2 'Chapter 1' training covers more in-depth and advanced techniques.
(4.9) 11 reviews
126 learners
Level Intermediate
Course period Unlimited
Penetration Testing
Penetration Testing
Java
Java
Web Shell
Web Shell
Offensive Security
Offensive Security
Penetration Testing
Penetration Testing
Java
Java
Web Shell
Web Shell
Offensive Security
Offensive Security
What you will gain after the course
Understanding Java File Upload Libraries
Potential security threats to Java file upload libraries
Understanding Web Application Firewalls (WAF)
WAF Bypass Techniques
Understanding diverse environments
Webshell upload attack methods in various environments
I have included content in this lecture
that cannot be heard anywhere else!
Today, there are various ways to learn web hacking. Online lecture platforms like Inflearn, academies where you can take offline classes, and search engines—most of these common paths tend to focus on general content. However, this course is different. I proudly say it contains 'content you won't find anywhere else'!
File Upload Vulnerability Attack Part 2-1
Check out the learning content!
Is the upload validation logic known to be safe really secure?
The source code below is known to be safe from file upload vulnerabilities. But is it really secure?
...
String path = request.getRealPath("/upload");
MultipartRequest multi = new MultipartRequest(request, path, 1024*10*10, "UTF-8");
Enumeration formNames = multi.getFileNames();
while(formNames.hasMoreElements()) {
String param = (String)formNames.nextElement();
String uploadFile = multi.getFilesystemName(param);
int extOffset = uploadFile.lastIndexOf(".");
String fileExt = uploadFile.substring(extOffset+1).toLowerCase();
if (!fileExt.equals("jpg") && !fileExt.equals("png") && !fileExt.equals("gif")) {
File fp = new File(path, uploadFile);
fp.delete();
out.println(“<script>alert(‘Invalid extension’);history.back(-1);</script>");
return;
}
}
...No. This source code is 'vulnerable source code'.
The reason why this code is vulnerable and the attack methods against it are covered in detail in the Part 2-1 lecture.
Shall we learn more? 📚
Understanding Cases by File Upload Library
We analyze each file upload library and cover potential security threats that may arise, as well as various cases.
File Upload Vulnerability Attack Part 2-2
Check out the learning content!
Web Application Firewall (WAF) Bypass Technique Case Study
We will explore various web firewall bypass techniques and conduct hands-on practice for those attack methods.
File Upload Vulnerability Attack Part 2-3
Check out the learning content!
We will cover directory parsing vulnerabilities found in JEUS and WebSphere in detail, examining the attack methodology of why these vulnerabilities are threatening today and how they can be exploited. (IBM WebSphere CVE-2020-4163)
We will take a detailed look at various other environments and cases.
Recommended for
these people
Who is this course right for?
Practitioners currently performing penetration testing or vulnerability assessment in the field
Job seeker
Need to know before starting?
Web Technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
Hello
This is crehacktive
27,477
Learners
1,535
Reviews
509
Answers
4.9
Rating
18
Courses
Hello, this is CreeHacktive.
Based on my years of experience diagnosing and researching various web services, I have been sharing practical, job-ready knowledge through the Inflearn platform.
I also authored Crehacktive's All-in-One Web Hacking Bible, which systematically covers the basics of web hacking. For those who lack foundational knowledge, I recommend starting your studies with this book.
Email : crehacktive3@naver.com
Curriculum
All
72 lectures ∙ (6hr 10min)
Course Materials:
Lecture resources
Published:
Last updated:
Reviews
All
11 reviews
4.9
11 reviews
hopefordreamReviews 17
∙
Average Rating 4.8
- hskim0001
Reviews 5
∙
Average Rating 5.0
- sonasup3719
Reviews 8
∙
Average Rating 4.4
- tierra819110
Reviews 4
∙
Average Rating 5.0
- kangk
Reviews 4
∙
Average Rating 5.0
crehacktive's other courses
Check out other courses by the instructor!
Similar courses
Explore other courses in the same field!
![[Easy for Non-Majors] Information Security Incidents: From Cause Analysis by Type to SolutionsCourse Thumbnail](https://cdn.inflearn.com/public/files/courses/342007/cover/ai/2/785d01a5-f55f-4807-b882-6dcbfe3d7f91.png?w=420)
![[OT Security-Common] Understanding the AI Era through Manufacturing Security Field CasesCourse Thumbnail](https://cdn.inflearn.com/public/files/courses/341942/cover/ai/0/a992253a-0431-4396-9212-69d5390e6c2d.png?w=420)
