Title: Pest Test Practical Practice--Spinach Cutting Point

Foreword

This article is for communication and learning only. Any direct or indirect consequences and losses caused by the dissemination and utilization of the information provided by this article shall be the responsibility of the user himself, and the author of the article shall not bear any responsibility for this.

Penetration testing can be divided into three stages: information collection. Collect all relevant asset information as much as possible. Determine the scope of the test. Vulnerability discovery. Further vulnerability detection and exploitation of the collected assets. Further exploitation and degree of exploitation of the discovered vulnerabilities. 1. API interface in js

2. Multi-port site 3. Customer service system phishing guidance, etc.4. Points system targets fragile side stations 5. Recharge interface 6. Find source code analysis for a demo site leaked source code white box analysis

7. The bc backend is rooted in js resource url, subdomain, etc. and other methods to find general small sites, mostly add the first domain, ad ag admin 123admin ht, etc. Reprinted in the original link: https://mp.weixin.qq.com/s/ZGNKIkfOidLPpjT856LHxw