City: Beijing
Interview Position: Penetration Testing Engineer
Interviewer questions:
1. Self-introduction
Answer: The self-introduction is asked in every interview; spend it on the more prominent points of your projects and on your future development direction.
2. The difference between CSRF and SSRF and how to fix them
Answer: Principle: CSRF is forgery of the client's request: the attacker constructs a malicious payload and tricks a logged-in administrator into clicking it, so the victim's browser sends the request with the victim's session; the most common combination is XSS+CSRF. SSRF is server-side request forgery: the server does not strictly filter the parameter that tells it where to fetch, so the attacker constructs a malicious payload that makes the server access resources that are unreachable from the external network. It is generally used to probe intranet services and open ports, or to read local files through pseudo-protocols (URL schemes such as file://).
Difference: The main difference between CSRF and SSRF is who initiates the request: in CSRF it is the client, in SSRF it is the server. Moreover, SSRF is mainly used for intranet probing.
Fix method: CSRF: verify the Referer value of the request (not recommended as the only measure) or add a random token check to the key GET or POST requests. SSRF: restrict requests to the http and https schemes only, block intranet IP ranges, and restrict what the backend prints and returns to the user.
3. Talk about typical vulnerabilities you have encountered in real engagements.
Answer: For this kind of question, describe interesting vulnerabilities you found in a project or on an SRC platform, or an experience you found especially rewarding.
4. Let's talk about common WAF bypass methods
Answer: Common WAF bypass methods include keyword case variation, URL encoding or double URL encoding, double-writing keywords, inline comments, use of uncommon functions, and cookie injection. Then expand on how the WAF mechanism works...
5. How to bypass SSRF
Answer: Encode or abbreviate the intranet IP address, for example 10.0.0.1 can be written as 10.1 (decimal, hexadecimal and octal forms of the address work the same way). If the URL is parsed improperly, use the @ character to splice in the IP address (http://allowed-host@10.0.0.1/), so that the filter checks the part before the @ while the request goes to the part after it. Bypass with a short link that redirects to the intranet address, and bypass with pseudo-protocols.
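As an added example that is not part of the interview writeup, the following Python puts the weak "block intranet IPs" filter from the fix in question 2 next to a hardened version and runs the bypass payloads from question 5 through both. The URLs, hosts (example.com and 8.8.8.8 as a stand-in public address) and function names are constructed for illustration; the hardened version deliberately stops short of DNS resolution so it runs offline.

```python
"""SSRF URL filter: the weak blocklist beside a hardened one, exercised with
constructed bypass payloads (abbreviated/decimal/hex/octal IPs, '@' userinfo,
IPv6, pseudo-protocols). Added example; the interview writeup had no code."""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}      # the "http or https only" fix


def naive_check(url: str) -> bool:
    """The weak filter: string-matches a dotted quad against the private ranges
    and waves through anything that is not a dotted quad, assuming it must be a
    public domain name."""
    m = re.match(r"^https?://([^/]+)", url)
    if not m:
        return False
    host = m.group(1).split(":")[0]      # crude port strip; mishandles userinfo and IPv6
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:
        return True                       # "10.1", "2130706433", "a@b" all land here


def canonical_ip(host: str):
    """Normalise every numeric host form the socket layer accepts (abbreviated
    "10.1", decimal "2130706433", hex "0x7f000001", octal "0177.0.0.1", IPv6,
    IPv4-mapped IPv6) to an ipaddress object. Returns None for DNS names."""
    try:
        ip6 = ipaddress.IPv6Address(host)
        mapped = ip6.ipv4_mapped
        return mapped if mapped is not None else ip6
    except ValueError:
        pass
    try:
        # inet_aton accepts the same short/decimal/hex/octal forms that HTTP
        # clients will connect to, so the filter sees what the requester sees.
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None


def is_internal(ip) -> bool:
    """Addresses a server should never fetch on a user's behalf, including
    169.254.169.254 (cloud metadata, link-local) and 0.0.0.0 (unspecified)."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def hardened_check(url: str):
    """Return (allowed, reason). Parses with urlsplit instead of a regex, pins
    the scheme, refuses userinfo, and judges the normalised address."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo '@' in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    ip = canonical_ip(host)
    if ip is None:
        # A real deployment must resolve here (socket.getaddrinfo), run
        # is_internal() over EVERY returned address, and then connect to the
        # address it checked rather than re-resolving (DNS rebinding).
        # Left out so this example runs offline.
        return True, f"hostname {host!r}: resolve and re-check before connecting"
    if is_internal(ip):
        return False, f"{host!r} normalises to {ip}, which is internal"
    return True, f"{host!r} -> {ip} allowed"


# Constructed bypass payloads; none come from a real target.
BYPASS_PAYLOADS = [
    "http://10.1/admin",                    # abbreviated 10.0.0.1
    "http://2130706433/",                   # decimal 127.0.0.1
    "http://0x7f000001/",                   # hex 127.0.0.1
    "http://0177.0.0.1/",                   # octal 127.0.0.1
    "http://example.com@127.0.0.1/",        # '@' userinfo trick
    "http://[::1]:6379/",                   # IPv6 loopback
    "http://[::ffff:169.254.169.254]/",     # IPv4-mapped link-local (metadata)
    "file:///etc/passwd",                   # pseudo-protocol
    "gopher://127.0.0.1:6379/_INFO",        # pseudo-protocol to an intranet service
]


def compare(urls=BYPASS_PAYLOADS):
    """Return {url: (naive_allowed, hardened_allowed)} for the payload list."""
    return {u: (naive_check(u), hardened_check(u)[0]) for u in urls}


if __name__ == "__main__":
    for url, (naive, hard) in compare().items():
        print(f"{url:38} naive={'PASS' if naive else 'block':5} "
              f"hardened={'PASS' if hard else 'block'}")
```

Running it shows the naive filter passing every payload except the two non-http schemes, while the hardened one blocks all nine; the numeric forms all collapse to the same loopback or RFC 1918 address once they are fed through inet_aton instead of compared as strings.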
On the one hand, it was mainly technical, and the interview difficulty was very basic. I feel that Party A is still willing to train students who love to study and specialize in research. On the other hand, they asked about my specific situation.
Interview results: Passed
Interview difficulty: Simple