{"version":1,"pages":[{"id":"GKlFXEOLGUBSYFSQsRX0","title":"首页","pathname":"/wsa","siteSpaceId":"sitesp_ejONZ","description":""},{"id":"jjcsts8PgTmEm3ciFHrJ","title":"译序","pathname":"/wsa/preface","siteSpaceId":"sitesp_ejONZ","description":""},{"id":"wIJpTQhIVWzwcT3FUvnX","title":"学习路线","pathname":"/wsa/learning-path","siteSpaceId":"sitesp_ejONZ","description":""},{"id":"yjxOrqQits0YShrXAEgZ","title":"Web应用程序安全测试","pathname":"/wsa/wast/application-security-testing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"前篇"}]},{"id":"TKPPZe4vfbi4feNEBkgJ","title":"动态应用程序安全测试（DAST）","pathname":"/wsa/wast/dast","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"前篇"}]},{"id":"4iIF73f1EOObNSWdturp","title":"带外应用程序安全测试（OAST）","pathname":"/wsa/wast/oast","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"前篇"}]},{"id":"cq4MHyFsAClEPdPIJJp0","title":"SQL注入","pathname":"/wsa/server-side/sql-injection","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"mchr332nhMzQ7WzCz8tN","title":"SQL注入","pathname":"/wsa/server-side/sql-injection/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"SQL注入"}]},{"id":"2n0xjgLK4l5XUQGXWoBe","title":"SQL注入UNION攻击","pathname":"/wsa/server-side/sql-injection/union-attacks","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"SQL注入"}]},{"id":"FsK5GRyRiSKM1EKdfjgm","title":"在SQL注入攻击中检索数据库","pathname":"/wsa/server-side/sql-injection/examining-the-database","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"SQL注入"}]},{"id":"XSzU67h31bygICaksPji","title":"SQL盲注","pathname":"/wsa/server-side/sql-injection/blind","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"SQL注入"}]},{"id":"QoFCgkwZj8DH4hAH4yXy","title":"SQL注入速查表","pathname":"/wsa/server-side/sql-injection/cheat-sheet","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"SQL注入"}]},{"id":"k1oL1fNod6wLzkyjmm3o","title":"认证","pathname":"/wsa/server-side/authentication","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"olrlUs4PjOjX936LDxi3","title":"认证漏洞","pathname":"/wsa/server-side/authentication/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"认证"}]},{"id":"zsIhGBmN8Z7T2NKwu629","title":"基于密码登录中的漏洞","pathname":"/wsa/server-side/authentication/password-based","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"认证"}]},{"id":"F8br49io7sX1C5h60hbI","title":"多因素认证中的漏洞","pathname":"/wsa/server-side/authentication/multi-factor","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"认证"}]},{"id":"4IP7FRpWgSHzqtZmyc52","title":"其他认证机制中的漏洞","pathname":"/wsa/server-side/authentication/other-mechanisms","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"认证"}]},{"id":"UuY66LrdeAeqnERPZyNg","title":"如何保护你的认证机制","pathname":"/wsa/server-side/authentication/securing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"认证"}]},{"id":"82HL5KckBejmcmXCQQcK","title":"目录遍历","pathname":"/wsa/server-side/file-path-traversal","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"3HeQY3l7Xc9X4XWbk8pb","title":"目录遍历","pathname":"/wsa/server-side/file-path-traversal/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"目录遍历"}]},{"id":"fSTn5pfP9ZfDP147JB1e","title":"命令注入","pathname":"/wsa/server-side/os-command-injection","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"WGCfxhXjx1gxkhMMp5eb","title":"OS命令注入","pathname":"/wsa/server-side/os-command-injection/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"命令注入"}]},{"id":"AV7FB2e3CwNdeaHdfNKX","title":"业务逻辑漏洞","pathname":"/wsa/server-side/logic-flaws","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"ZJ7JiYMnFKaG2N68pvxT","title":"业务逻辑漏洞","pathname":"/wsa/server-side/logic-flaws/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"业务逻辑漏洞"}]},{"id":"q5DPq2YX2XPcizmH4oxj","title":"业务逻辑漏洞示例","pathname":"/wsa/server-side/logic-flaws/examples","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"业务逻辑漏洞"}]},{"id":"VKhGGgA3LZToUwtbFdUY","title":"信息泄露","pathname":"/wsa/server-side/information-disclosure","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"PYFyFzfMR94aXQeigW2K","title":"信息泄露漏洞","pathname":"/wsa/server-side/information-disclosure/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"信息泄露"}]},{"id":"BcIyVTUQ5htZqEkS40OT","title":"如何发现并利用信息泄露漏洞","pathname":"/wsa/server-side/information-disclosure/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"信息泄露"}]},{"id":"lv0mnqMtd9a5XmLU20xU","title":"访问控制","pathname":"/wsa/server-side/access-control","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"JGYgBFuybitNzm0FdIYq","title":"访问控制漏洞与权限提升","pathname":"/wsa/server-side/access-control/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"访问控制"}]},{"id":"vAUmeERlN7710C3GjqAw","title":"不安全的直接对象引用（IDOR）","pathname":"/wsa/server-side/access-control/idor","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"访问控制"}]},{"id":"1FQMkxz4sJgMPnQfKL91","title":"访问控制安全模型","pathname":"/wsa/server-side/access-control/security-models","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"访问控制"}]},{"id":"66xBSDiE2DIzi5US5QsN","title":"文件上传漏洞","pathname":"/wsa/server-side/file-upload","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"WHwITKeN1vROfNI8UNY8","title":"文件上传漏洞","pathname":"/wsa/server-side/file-upload/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"文件上传漏洞"}]},{"id":"JOu33BmxlHKXlxnIh5BA","title":"条件竞争","pathname":"/wsa/server-side/race-conditions","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"2QeQ5zizIJQGrbzyrDDW","title":"条件竞争","pathname":"/wsa/server-side/race-conditions/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"条件竞争"}]},{"id":"EsHWuJd0rXLHhu3xTge5","title":"服务器端请求伪造（SSRF）","pathname":"/wsa/server-side/ssrf","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"qQDzWfrIshVWZ73NpDCK","title":"服务器端请求伪造（SSRF）","pathname":"/wsa/server-side/ssrf/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"服务器端请求伪造（SSRF）"}]},{"id":"sOQh2ie2Fv7qUlovmwgJ","title":"盲SSRF漏洞","pathname":"/wsa/server-side/ssrf/blind","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"服务器端请求伪造（SSRF）"}]},{"id":"kEYpOwmcZAZd4SZCzsSE","title":"XXE注入","pathname":"/wsa/server-side/xxe","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"}]},{"id":"4GyQASnQYypcc8nnAuVE","title":"XML外部实体（XXE）注入","pathname":"/wsa/server-side/xxe/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"XXE注入"}]},{"id":"ejow7rbmxrM0vendZx4D","title":"XML实体","pathname":"/wsa/server-side/xxe/xml-entities","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"XXE注入"}]},{"id":"cus6qQE6Gd0sw2xtAuTZ","title":"发现并利用盲XXE漏洞","pathname":"/wsa/server-side/xxe/blind","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"服务器端主题"},{"label":"XXE注入"}]},{"id":"p5gyJOX3ApCiaa8TzPmv","title":"跨站脚本（XSS）","pathname":"/wsa/client-side/cross-site-scripting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"or3cGdeC3ddguZyiDzQ1","title":"跨站脚本","pathname":"/wsa/client-side/cross-site-scripting/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"oeCh1d4xuiTBDShBz8FU","title":"反射型XSS","pathname":"/wsa/client-side/cross-site-scripting/reflected","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"cMRGBfTxUPzyfvN7KhSm","title":"存储型XSS","pathname":"/wsa/client-side/cross-site-scripting/stored","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"VgQTqgz1c9yA4N2vow9I","title":"基于DOM的XSS","pathname":"/wsa/client-side/cross-site-scripting/dom-based","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"Qb5VrnwVHdgzqqIg61IL","title":"XSS上下文","pathname":"/wsa/client-side/cross-site-scripting/contexts","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"iFW1FfUYLoucY6TclwF7","title":"跨站脚本上下文","pathname":"/wsa/client-side/cross-site-scripting/contexts/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"},{"label":"XSS上下文"}]},{"id":"gmLUI9SgDU2WtxmQWa6x","title":"客户端模版注入","pathname":"/wsa/client-side/cross-site-scripting/contexts/client-side-template-injection","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"},{"label":"XSS上下文"}]},{"id":"dJpiADuTgFte5S58UAte","title":"利用跨站脚本漏洞","pathname":"/wsa/client-side/cross-site-scripting/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"JDguE8b1QtUQLRHgXzV5","title":"内容安全策略","pathname":"/wsa/client-side/cross-site-scripting/content-security-policy","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"xqc7TKTgKSFEZx3HuFHy","title":"悬空标记注入","pathname":"/wsa/client-side/cross-site-scripting/dangling-markup","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"uZnrndc9hF4FgYSJ5vas","title":"如何防范XSS漏洞","pathname":"/wsa/client-side/cross-site-scripting/preventing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"WXnU6HM9xovHMWpAsqf4","title":"跨站脚本（XSS）速查表","pathname":"/wsa/client-side/cross-site-scripting/cheat-sheet","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站脚本（XSS）"}]},{"id":"wciGnobN1WY8dZQcMprZ","title":"跨站请求伪造（CSRF）","pathname":"/wsa/client-side/csrf","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"bRUFgfXATPLkx2tHad2O","title":"跨站请求伪造（CSRF）","pathname":"/wsa/client-side/csrf/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"MJfbS0yJRMr37SESj3Si","title":"XSS与CSRF","pathname":"/wsa/client-side/csrf/xss-vs-csrf","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"UkZKnJmPtRsglXAbf6EQ","title":"绕过CSRF令牌验证","pathname":"/wsa/client-side/csrf/rao-guo-csrf-ling-pai-yan-zheng","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"kZhMmrYdTsNq5nAe7hPT","title":"绕过SameSite Cookie限制","pathname":"/wsa/client-side/csrf/rao-guo-samesite-cookie-xian-zhi","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"z0f2q6MKr868paPfrfkJ","title":"绕过基于Referer的CSRF防御","pathname":"/wsa/client-side/csrf/rao-guo-ji-yu-referer-de-csrf-fang-yu","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"1eYe623Dv4glnbnzrFNf","title":"如何防范CSRF漏洞","pathname":"/wsa/client-side/csrf/ru-he-fang-fan-csrf-lou-dong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"跨站请求伪造（CSRF）"}]},{"id":"GbAdFW96S8zHGR93DaT4","title":"跨域资源共享（CORS）","pathname":"/wsa/client-side/cors","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"c5nVNobnuC1h7cQZ3yfP","title":"跨域资源共享（CORS）","pathname":"/wsa/client-side/cors/kua-yu-zi-yuan-gong-xiang-cors","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"跨域资源共享（CORS）"}]},{"id":"PtntXzPefmbXYd0zmZuQ","title":"同源策略（SOP）","pathname":"/wsa/client-side/cors/same-origin-policy","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨域资源共享（CORS）"}]},{"id":"QfHktIq4DdlFMiUJrO4x","title":"CORS和Access-Control-Allow-Origin响应标头","pathname":"/wsa/client-side/cors/access-control-allow-origin","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"跨域资源共享（CORS）"}]},{"id":"POHLnU1jH8R3VuzlYKuM","title":"点击劫持","pathname":"/wsa/client-side/clickjacking","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"KYAjZnJLDlng3bDFo6Jv","title":"点击劫持（UI伪装）","pathname":"/wsa/client-side/clickjacking/dian-ji-jie-chi-ui-wei-zhuang","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"点击劫持"}]},{"id":"Oc3HlFXHFiGb6628nqOS","title":"基于DOM的漏洞","pathname":"/wsa/client-side/dom-based","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"wxWDLv5dfaKy9iFrp0FF","title":"基于DOM的漏洞","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-lou-dong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"QFLIzovaNEssuRo4c76z","title":"控制Web消息源","pathname":"/wsa/client-side/dom-based/dom-clobbering","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"EglGrMUQ2SHUPpqDbcNd","title":"基于DOM的开放重定向","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-kai-fang-zhong-ding-xiang","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"QWo587JriBJ3b3wrtq8G","title":"基于DOM的Cookie操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-cookie-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"MwEymDDNTFVrOKfElVpc","title":"基于DOM的JavaScript注入","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-javascript-zhu-ru","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"FWbSXlHOvIsPkSKxCUOl","title":"基于DOM的document-domain操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-documentdomain-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"mJg77J90fhmrmCghPBdb","title":"基于DOM的WebSocket URL投毒","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-websocket-url-tou-du","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"rFrndICFd3we3Jh7IOtV","title":"基于DOM的链接操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-lian-jie-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"l9CUom4ihAzsu88xfqAS","title":"Web消息操纵","pathname":"/wsa/client-side/dom-based/web-xiao-xi-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"T7mDUe5BOFTgFqzgr6gw","title":"基于DOM的Ajax请求标头操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ajax-qing-qiu-biao-tou-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"TUsgplr6tX93n0h3Ai8T","title":"基于DOM的本地文件路径操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ben-di-wen-jian-lu-jing-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"GkgAgMJZbygwjVNLw92x","title":"基于DOM的客户端SQL注入","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-sql-zhu-ru","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"BjKdUOqlrgroSy3oFKZp","title":"基于DOM的HTML5 Storage操纵","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-html5-storage-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"0tSjojpp80p534Yhzv3Y","title":"基于DOM的客户端XPath注入","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-xpath-zhu-ru","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"alWzr7RLMZwIc4JrEQ7z","title":"基于DOM的客户端JSON注入","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-json-zhu-ru","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"F7SfBbMk0aytbwHJyxVA","title":"DOM-data操纵","pathname":"/wsa/client-side/dom-based/domdata-cao-zong","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"3477D93ZRM1bFviASqNG","title":"基于DOM的拒绝服务","pathname":"/wsa/client-side/dom-based/ji-yu-dom-de-ju-jue-fu-wu","siteSpaceId":"sitesp_ejONZ","breadcrumbs":[{"label":"客户端主题"},{"label":"基于DOM的漏洞"}]},{"id":"at6B5BjjnwfhS9c1RiMQ","title":"WebSocket","pathname":"/wsa/client-side/websockets","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"}]},{"id":"omWUyWDrnJCV0vnsp8u0","title":"测试WebSocket安全漏洞","pathname":"/wsa/client-side/websockets/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"WebSocket"}]},{"id":"hHFT9UvLB7CpwLzAlxGW","title":"什么是WebSocket？","pathname":"/wsa/client-side/websockets/what-are-websockets","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"WebSocket"}]},{"id":"47GBRjZeEGlDT8WJiwNA","title":"跨站WebSocket劫持","pathname":"/wsa/client-side/websockets/cross-site-websocket-hijacking","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"客户端主题"},{"label":"WebSocket"}]},{"id":"xOPrbrGURPVVNNP9fK0g","title":"不安全的反序列化","pathname":"/wsa/advanced/deserialization","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"6lyPALvxxd1B8yj5FRUE","title":"不安全的反序列化","pathname":"/wsa/advanced/deserialization/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"不安全的反序列化"}]},{"id":"Dz4CDn8FewezD8GIUtUW","title":"利用不安全的反序列化漏洞","pathname":"/wsa/advanced/deserialization/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"不安全的反序列化"}]},{"id":"W35heQVOaia0FLVSOg7K","title":"测试GraphQL API","pathname":"/wsa/advanced/ce-shi-graphql-api","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"Zsk4S3PhAPwgooj02PE8","title":"测试GraphQL API","pathname":"/wsa/advanced/ce-shi-graphql-api/ce-shi-graphql-api","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"测试GraphQL API"}]},{"id":"xIJIkBxIwSPFWOvo4diP","title":"什么是GraphQL？","pathname":"/wsa/advanced/ce-shi-graphql-api/shen-me-shi-graphql","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"测试GraphQL API"}]},{"id":"TvrOeTjegiXlw6Q9yJfQ","title":"服务器端模板注入","pathname":"/wsa/advanced/server-side-template-injection","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"AhO5d39ARQVdTmyFTvg3","title":"服务器端模板注入","pathname":"/wsa/advanced/server-side-template-injection/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"服务器端模板注入"}]},{"id":"IQvtJxsMoDqywWQdO3Yc","title":"利用服务器端模板注入漏洞","pathname":"/wsa/advanced/server-side-template-injection/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"服务器端模板注入"}]},{"id":"UkpvxOwAaUGJjPQCRqKU","title":"Web缓存投毒","pathname":"/wsa/advanced/web-cache-poisoning","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"k3Smi7XRD42aMi4JC3vH","title":"Web缓存投毒","pathname":"/wsa/advanced/web-cache-poisoning/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"Web缓存投毒"}]},{"id":"AJOqqZ5frojdH3sUPVOk","title":"缓存设计缺陷的利用","pathname":"/wsa/advanced/web-cache-poisoning/exploiting-design-flaws","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"Web缓存投毒"}]},{"id":"Sfk6sLkLgCKDeebOlGn5","title":"缓存实现缺陷的利用","pathname":"/wsa/advanced/web-cache-poisoning/exploiting-implementation-flaws","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"Web缓存投毒"}]},{"id":"svj3ciAJp8ysT9aFPaBY","title":"HTTP Host标头攻击","pathname":"/wsa/advanced/host-header","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"03vZ99f4cpfhqEdIYwCW","title":"HTTP Host标头攻击","pathname":"/wsa/advanced/host-header/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP Host标头攻击"}]},{"id":"TByQ3wjwNeMrG3mpcRpg","title":"如何识别和利用HTTP Host头的漏洞","pathname":"/wsa/advanced/host-header/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP Host标头攻击"}]},{"id":"ioUwQTifuXoaZOqqZouQ","title":"密码重置投毒","pathname":"/wsa/advanced/host-header/password-reset-poisoning","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP Host标头攻击"}]},{"id":"n23UlGvARiMBQ3UUDKzq","title":"HTTP请求走私","pathname":"/wsa/advanced/request-smuggling","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"6x3z6clq2Pxq3I2AR7Kt","title":"HTTP请求走私","pathname":"/wsa/advanced/request-smuggling/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"}]},{"id":"zCcKic4LJ4MdQd4zfyeZ","title":"查找HTTP请求走私漏洞","pathname":"/wsa/advanced/request-smuggling/finding","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"}]},{"id":"hJoCGhjDrn6mprLiqkE8","title":"利用HTTP请求走私漏洞","pathname":"/wsa/advanced/request-smuggling/exploiting","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"}]},{"id":"sh0A9sC9qi5fMCcIR2nW","title":"高级请求走私","pathname":"/wsa/advanced/request-smuggling/advanced","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"}]},{"id":"tBIe5qM9y2vlDFS6ZMrm","title":"高级请求走私","pathname":"/wsa/advanced/request-smuggling/advanced/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"高级请求走私"}]},{"id":"GBVgXmnOD3zzhMPjG5AL","title":"HTTP/2降级","pathname":"/wsa/advanced/request-smuggling/advanced/http2-downgrading","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"高级请求走私"}]},{"id":"4Nrnklp6yvTQzUpcw6tA","title":"响应队列投毒","pathname":"/wsa/advanced/request-smuggling/advanced/response-queue-poisoning","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"高级请求走私"}]},{"id":"LpDobVJ9rkGrckqE1p3q","title":"HTTP/2专属载体","pathname":"/wsa/advanced/request-smuggling/advanced/http2-exclusive-vectors","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"高级请求走私"}]},{"id":"YhITpsNVaiB2mLZWg9uD","title":"HTTP请求隧道","pathname":"/wsa/advanced/request-smuggling/advanced/request-tunnelling","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"高级请求走私"}]},{"id":"ycIhR3xd9c5A6ESp3lHJ","title":"浏览器驱动的请求伪造","pathname":"/wsa/advanced/request-smuggling/browser","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"}]},{"id":"73EcceOwaabJCJwXCmRF","title":"浏览器驱动的请求伪造","pathname":"/wsa/advanced/request-smuggling/browser/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"浏览器驱动的请求伪造"}]},{"id":"RALwYZtQHRuDBIvZnlM0","title":"CL.0请求走私","pathname":"/wsa/advanced/request-smuggling/browser/cl-0","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"浏览器驱动的请求伪造"}]},{"id":"okh7xxdGruKvnAjs5iJ7","title":"客户端异步攻击","pathname":"/wsa/advanced/request-smuggling/browser/client-side-desync","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"浏览器驱动的请求伪造"}]},{"id":"uGR8H9f0n5uMxO1URVIs","title":"基于暂停的异步攻击","pathname":"/wsa/advanced/request-smuggling/browser/pause-based-desync","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"HTTP请求走私"},{"label":"浏览器驱动的请求伪造"}]},{"id":"4ftRsl3VqhfUHtZ2TJ8o","title":"OAuth认证","pathname":"/wsa/advanced/oauth","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"iUUyvYAH5KazuCbsoZ0C","title":"OAuth 2.0认证漏洞","pathname":"/wsa/advanced/oauth/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"OAuth认证"}]},{"id":"qqLaWAD99ZTI7cBnN5Vv","title":"OAuth授权类型","pathname":"/wsa/advanced/oauth/grant-types","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"OAuth认证"}]},{"id":"NN7iLpIlKL2SsuOVCZDs","title":"OpenID Connect","pathname":"/wsa/advanced/oauth/openid","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"OAuth认证"}]},{"id":"65BCB85K9r9FpoFtnmMR","title":"如何防范OAuth认证漏洞","pathname":"/wsa/advanced/oauth/preventing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"OAuth认证"}]},{"id":"N5FEEpQ7wPZ4lU6T1TX9","title":"JWT攻击","pathname":"/wsa/advanced/jwt","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"HjLbigC4ihapvgsPWZ7o","title":"JWT攻击","pathname":"/wsa/advanced/jwt/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"JWT攻击"}]},{"id":"YnTgTl0Lg08P5vv20aDP","title":"在Burp Suite中使用JWT","pathname":"/wsa/advanced/jwt/working-with-jwts-in-burp-suite","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"JWT攻击"}]},{"id":"K7dXJ2ha2wbHaVHhKMCe","title":"算法混淆攻击","pathname":"/wsa/advanced/jwt/algorithm-confusion","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"JWT攻击"}]},{"id":"C1vz6ciif3d7X7vnmYaE","title":"原型污染","pathname":"/wsa/advanced/prototype-pollution","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"UUmqKn0bM6OtT7KusTe6","title":"什么是原型污染？","pathname":"/wsa/advanced/prototype-pollution/shen-me-shi-yuan-xing-wu-ran","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"}]},{"id":"oDDjejXftcxNu8sPhjSM","title":"JavaScript原型和继承","pathname":"/wsa/advanced/prototype-pollution/javascript-prototypes-and-inheritance","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"}]},{"id":"MKTDXZCuOS2ajdL0GCMI","title":"客户端","pathname":"/wsa/advanced/prototype-pollution/client-side","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"}]},{"id":"OtUdFEUkneAc39byZ49z","title":"客户端原型污染漏洞","pathname":"/wsa/advanced/prototype-pollution/client-side/ke-hu-duan-yuan-xing-wu-ran-lou-dong","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"},{"label":"客户端"}]},{"id":"mUHK3oBwnKhocgSxAeaq","title":"通过浏览器API进行原型污染","pathname":"/wsa/advanced/prototype-pollution/client-side/browser-apis","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"},{"label":"客户端"}]},{"id":"NSoeHxDng6OY4lCHiNH9","title":"服务器端","pathname":"/wsa/advanced/prototype-pollution/server-side","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"}]},{"id":"0Nol5hOWSv75yMV5qAsD","title":"服务器端原型污染","pathname":"/wsa/advanced/prototype-pollution/server-side/fu-wu-qi-duan-yuan-xing-wu-ran","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"},{"label":"服务器端"}]},{"id":"j7dJOkRDF2s2NmoI1jKn","title":"预防原型污染漏洞","pathname":"/wsa/advanced/prototype-pollution/preventing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"原型污染"}]},{"id":"uDri1LIhaq3Zq3nHvghn","title":"基本技能","pathname":"/wsa/advanced/essential-skills","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"}]},{"id":"0fwdL9jN9Rsh0YiWcvfF","title":"基本技能","pathname":"/wsa/advanced/essential-skills/index","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"基本技能"}]},{"id":"pYkz91vueBHZj0nlo5NC","title":"使用编码混淆攻击","pathname":"/wsa/advanced/essential-skills/obfuscating-attacks-using-encodings","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"基本技能"}]},{"id":"yjWMUT5xvq2jSbtpgEnE","title":"在手动测试中使用Burp Scanner","pathname":"/wsa/advanced/essential-skills/using-burp-scanner-during-manual-testing","siteSpaceId":"sitesp_ejONZ","description":"","breadcrumbs":[{"label":"进阶主题"},{"label":"基本技能"}]}]}