Beijing NSFOCUS Technology Security Services Intern Interview


Preface

This is a record of the technical portion of my NSFOCUS (Green League) campus recruitment interview. It was the first interview of my life and, to be honest, I was very nervous. The following are some of the technical questions. You are welcome to add to them and correct them in the comment area.


1. What is an XSS vulnerability? What types are there? What is the essential difference?

(1) XSS vulnerabilities are cross-site scripting vulnerabilities.
(2) The main types are reflected, stored, and DOM-based.
(3) The main difference is that stored XSS passes through the server side, while reflected and DOM-based XSS do not pass through the server side and are executed only on the browser side.

2. What can we do to prevent file upload vulnerabilities?


3. When you are given a login interface, what vulnerabilities might there be?

(1) Information leakage. On entering the login interface, a working account and password may already be filled in the input boxes. Check the source code of the login page for leaked sensitive information. This happens because the developer did not protect the data during setup.
(2) Account and password enumeration: use Burp for brute-force cracking (the error message may reveal which part is wrong, e.g. "the user name does not exist" or "the password is wrong").
(3) Verification code bypass. There are many types: some verification can be bypassed by disabling JS, some by deleting the check statements directly in a Burp packet capture, some by using verification code recognition tools (brute force), etc.
(4) Weak password bypass
(5) SMS bombing

4. In the Linux system, where are the logs related to user login?

Here is a summary:

| Location | Description |
| --- | --- |
| /var/log/cron | Logs related to system scheduled tasks |
| /var/log/auth.log | Authentication and authorization information (commonly used in Linux distributions like Debian and Ubuntu) |
| /var/log/secure | Same as above (widely used in the Red Hat family of Linux systems, such as CentOS and Fedora) |
| /var/log/btmp | Login failure records; can be viewed using the lastb command |
| /var/log/wtmp | Login failure records; can be viewed using the last command |
| /var/log/lastlog | Last login of each user; view with the lastlog command |
| /var/run/utmp | View with the w, who, and users commands |

/var/log/auth.log and /var/log/secure record authentication and authorization information. Every program that involves accounts and passwords writes to this log: SSH logins, switching users with su, sudo authorization, and even adding users and changing user passwords are all recorded in this log file.

The above logs are usually used with find, grep, egrep, awk, sed and other commands for log auditing. These commands will be summarized and studied later.
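As an added example (not part of the original post), here is the kind of awk audit described above, run over constructed lines in auth.log format. It counts failed SSH password attempts per source address and lists addresses whose successful login followed at least N failures. The function names, the threshold and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Debian/Ubuntu auth.log format (not real data;
# the addresses come from the documentation ranges).
sample_auth_log() {
cat <<'EOF'
Jun 20 10:01:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 52311 ssh2
Jun 20 10:01:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 52312 ssh2
Jun 20 10:01:05 web1 sshd[2102]: Failed password for invalid user from from 203.0.113.7 port 52313 ssh2
Jun 20 10:01:07 web1 sshd[2103]: Failed password for deploy from 203.0.113.7 port 52314 ssh2
Jun 20 10:01:09 web1 sshd[2104]: Accepted password for deploy from 203.0.113.7 port 52315 ssh2
Jun 20 10:05:00 web1 sshd[2110]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Jun 20 10:05:04 web1 sshd[2110]: Accepted password for alice from 198.51.100.4 port 40023 ssh2
Jun 20 10:06:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# Print "count ip" for failed SSH password logins, highest count first.
# The address is read relative to the END of the line ("from IP port N ssh2"),
# because the user name is supplied by the client and may itself contain
# spaces or the word "from" (third sample line).
failed_by_ip() {
  awk '
    NF < 10 || $(NF-4) != "from" { next }
    /sshd\[[0-9]+\]: Failed password for / { n[$(NF-3)]++ }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print "ip user failures" for each accepted password login that came from an
# address with at least $1 earlier failures: a guessing run that may have
# succeeded and should be reviewed first.
compromise_candidates() {
  awk -v min="$1" '
    NF < 10 || $(NF-4) != "from" { next }
    /sshd\[[0-9]+\]: Failed password for / { fails[$(NF-3)]++; next }
    /sshd\[[0-9]+\]: Accepted password for / {
      ip = $(NF-3)
      if (fails[ip] >= min) print ip, $9, fails[ip]
    }'
}

sample_auth_log | failed_by_ip
sample_auth_log | compromise_candidates 3
```

On a live system, feed the functions from /var/log/auth.log or /var/log/secure instead of the sample, for example `failed_by_ip < /var/log/auth.log`.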

5. If there may be a SQL injection vulnerability in a place, how can you use SqlMap to detect it?

Use Burp to capture the request, choose the injection point, and test payloads with sqlmap. Different commands are used for different targets...

6. Which SqlMap commands and parameters are used for the POST submission method?

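(1) Use the -r option: copy the HTTP request from Burp, paste it into a txt file, and scan that file with -r.
(2) Use the --data parameter to specify the parameters to scan, for example "user=1&pass=2".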

7. Tell us about some of the logic vulnerabilities you have found.

Me: Abba Abba Abba Abba Abba…

8. Causes of business logic vulnerabilities


9. If a vulnerability is found in a customer's product during testing, how will you communicate with the customer and arrange the follow-up process:

Me: Abba Abba Abba Abba Abba…

10. Seeing that you have some experience in CTF competitions, can you tell me about the questions that impressed you the most?

Me: In the XXXCTF competition, there are two questions...Aba Aba Aba Aba Aba

Summary:

After an interview, we should follow up on the questions and study them in more depth. The questions the interviewer asks test how well we have learned a given topic, which helps us summarize and learn better.


Origin blog.csdn.net/qq_51690690/article/details/131339477