
cnbird's blog


Repost: Web Security Threats and Countermeasures

http://msdn.microsoft.com/zh-cn/library/aa302418.aspx

2010-02-28 00:30:00 755

Repost: Apache Tomcat unexpected file deletion and/or alteration

http://www.securityfocus.com/archive/1/archive/1/509148/100/0/threaded Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28, Tomcat 6.0.0 to 6.0.20 The unsupport

2010-02-27 13:56:00 701

Repost: Citrix Hacking

**This post is late, I realize the "buzz" about the topic is way past but... Over on the gnucitizen blog (if you don't read that blog you should, it's got tons of web app sec info) awhile back there was

2010-02-27 02:31:00 741

Repost: Oracle TNSLSNR Full Client

Most admins neglect setting password on TNSlsnr Clients for Oracle databases. Oracle ensures that you can either connect to TNSlsnr on a localhost or through mapping to a remote Oracle database usi

2010-02-27 02:03:00 1280

Repost: DNS/HTTP Enumeration in oracle

Default Oracle Passwords http://www.vulnerabilityassessment.co.uk/default_oracle_passwords.htm Oracle has a couple of stored procedures that can be manipulated to enumerate sensitive app

2010-02-27 02:00:00 663

Repost: Input Validation Cheat Sheet

Related articles: SQL Injection Cheat Sheet We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings

2010-02-27 00:58:00 1055

Repost: Reverse Shell with Bash

http://www.google.cn/search?hl=zh-CN&source=hp&q=http%3A%2F%2Flabs.neohapsis.com%2F2008%2F04%2F17%2Fconnect-back-shell-literally%2F&btnG=Google+%E6%90%9C%E7%B4%A2&aq=f&oq= I am stuck at the Dubai Int

2010-02-27 00:55:00 870

Repost: Reducing Information Disclosure in WCF Data Services

Previously, I wrote an article titled "Reducing Information Disclosure in ASP.NET Web Services".  The article identified steps developers can take to eliminate detailed error messages, stack traces, w

2010-02-26 23:57:00 668

Repost: A XSS Vulnerability in Almost Every PHP Form I’ve Ever Written

I've spent a lot of time over the past few months writing an enterprise application in PHP. Despite what some people may say, I believe that PHP is as secure or insecure as the developer who is writi

2010-02-26 23:55:00 1163

Original: Nagios plug-in development guidelines

Nagios plug-in development guidelines http://nagiosplug.sourceforge.net/developer-guidelines.html plug-in API http://nagios.sourceforge.net/docs/3_0/pluginapi.html check_by_ssh http://nagio

2010-02-26 21:02:00 857

Original: Analyzing Enterprise PKI Deployments

http://www.sans.org/reading_room/whitepapers/auditing/rss/analyzing_enterprise_pki_deployments_33284f

2010-02-26 13:27:00 643

Original: Study materials

http://www.astalavista.com/topic/19571-how-to-test-your-security-against-ddos-noob-friendly/ http://tools.ietf.org/id/draft-ietf-tcpm-tcp-security-01.txt http://www.cpni.gov.uk/Docs/tn-03-09-securit

2010-02-26 13:25:00 849

Original: Perl video tutorials

http://itboba.com/category/2/188/217

2010-02-26 11:29:00 1061

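Original: Cassandra, an alternative solution to MySQL

http://incubator.apache.org/cassandra/ http://zh.wikipedia.org/wiki/Cassandra Apache Cassandra is an open-source distributed database management system. It was originally developed by Facebook to store very large amounts of data. Main features: distributed; column-based structure; highly scalable. The main characteristic of Cassandra is that it is not a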

2010-02-26 11:05:00 1799

Repost: ISPConfig download location and configuration

http://www.ispconfig.org/documentation.htm

2010-02-26 10:59:00 840

Repost: Defense in Depth using OSSEC and other free tools

Russ McRee wrote an excellent article about OSSEC for the October 2009 issue of ISSA Journal. (Disclaimer: I contributed to the article.) He then went into some further detail on his blog. In a r

2010-02-25 10:30:00 1027

Repost: Nsploit - Popping boxes with Nmap

http://www.securitytube.net/Nsploit-%28Popping-boxes-with-Nmap%29-SecTor-2009-video.aspx Nsploit it allows to pass through nmap to Metasploit and then execute some exploit. Nsploit consists of 3 p

2010-02-24 09:48:00 564

Repost: Running a command on every machine in your domain from the command line

http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html After listening to Larry's excellent technical segment on dumping the event logs from a large list of computers, I decided to tr

2010-02-24 09:34:00 766

Repost: Links between forensics and pen tests

http://pauldotcom.com/2010/02/last-year-on-the-show.html Last year on the show, Marcus J. Carey presented a tech segment about using memory analysis in penetration tests. Memory acquisition came in

2010-02-24 09:32:00 736

Repost: How to plant a shell via LFI (Local file disclosure) using the proc/self/environ method

How to plant a shell via LFI (Local file disclosure) using the proc/self/environ method. Author: gunslinger_. In this tutorial I will explain how to create a shell on the target server via

2010-02-24 08:57:00 1435

Repost: hotmailbf.py (hotmail account bruteforcer)

#!/usr/bin/python# -*- coding: utf-8 -*-# Hotmail brute forcer# programmer : gunslinger_# Inspired by mywisdom# This program is only for educational purposes only.import sys, poplib, time__Author_

2010-02-24 08:54:00 1112

Repost: LOD 0X04

If you’ll analyze web-logs of National Software Reference Library supported by National Institute of Standards and Technology (NIST), US  especially at “Technical Information–>Missing Files , there yo

2010-02-24 08:48:00 576

Repost: @RSnake’s RFI List in Burp Suite

First of all, get Robert @RSnake Hansen’s RFI list here: http://ha.ckers.org/blog/20100129/large-list-of-rfis-1000/ it’s a great list, but as soon as I saw it, I was like.. hmm.. how can I use that?

2010-02-24 08:42:00 774

Repost: Directory traversal as a reconnaissance tool

Like most of you, I find malicious or fraudulent online advertisers annoying to say the least. My typical response, upon receipt of rogue AV pop-ups, or redirects to clearly fraudulent sites, is to "c

2010-02-24 08:31:00 757

Original: AOLServer and openacs

http://openacs.org/xowiki/aolserver-install http://sourceforge.net/projects/aolserver/files/

2010-02-23 23:05:00 733

Original: Metasploit usage tips

Among the coolest features in metasploit is the ability to pivot through a meterpreter session to the network on the other side. The route command in msfconsole sets this up but requires a bit of typi

2010-02-23 09:42:00 2133

Repost: gitWeb v1.5.2 Remote Command Execution

# Exploit Title: gitWeb remote command execution # Date: 2009.06.19 # Author: S2 Crew [Hungary] # Software Link: - # Ver

2010-02-23 07:03:00 637

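Original: Tomcat 6.0.24 source code analysis notes (updated February 23, 2010)

When reposting, please credit the source: http://blog.csdn.net/cnbird2008 Tomcat is a piece of middleware that supports JSP. To better learn Java programming ideas, I am using the Tomcat source code for analysis and study; pointers from everyone are welcome. 1. I will not say much about Tomcat's directory structure. First, program startup: bootstrap.jar in the bin directory contains org.apache.catalina and org.apache.naming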

2010-02-22 20:53:00 1076

Repost: ViewState in .net Client Control xss

There is a long but good discussion on webappsec about the XSS vulnerability in ViewState of the .NET framework. This is a starting point only … follow recent comments online. This shall help you to und

2010-02-22 15:43:00 544

Repost: Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities


2010-02-22 13:07:00 1194

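Repost: Setting up a git server

http://www.heiher.info/1398.html Setting up a Git server over the SSH and HTTP protocols http://blog.prosight.me/index.php/2009/11/485 Setting up a team-level git server http://www.svn8.com/svnsy/20090605/6173.html git is a good version-management tool. I am currently working on a simple application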

2010-02-22 11:27:00 2892

Repost: File(),Fgets(),Fgetc() Local File Disclosure (LFD) Paper

http://www.exploit-db.com/exploits/11497 /*!----------------------------------------------------------*//*! File(),Fgets(),Fgetc() Local File Disclosure (LFD) Paper */ /

2010-02-21 20:56:00 1229

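Repost: Using systemtap to study the kernel and related vulnerabilities

When reposting, please credit the source and the author's contact information: http://blog.csdn.net/absurd Author contact: 李先静 Updated: 2007-6-6 A few days ago I wrote a blog post about kprobes. kprobes is a good thing, but you have to write C code and compile a kernel module, which is a bit of a hassle. Today we introduce systemtap, a tool implemented on top of kprobes. systemtap is a kernel trace tool; use it to study the kernel, trace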

2010-02-19 20:40:00 689

Repost: smb-psexec.nse: owning Windows, fast

http://www.skullsecurity.org/blog/?p=379 What does smb-psexec do? Sample configurations ("sample.lua") Default configuration ("default.lua") Advanced configuration ("pwdump.lua" and "backd

2010-02-18 10:46:00 820

Repost: httpdx 'MKD' Command Directory Traversal Vulnerability

http://www.securityfocus.com/data/vulnerabilities/exploits/38242.py

2010-02-17 15:38:00 527

Repost: Microsoft IIS self decoding behavior leads to WAF Bypass/information disclosure

Author: Itzhak Avraham Blog: http://imthezuk.blogspot.com article source: http://imthezuk.blogspot.com/2010/02/microsoft-iis-5051-possibly-60.html Affects: IIS 5.0, IIS5.1, Maybe 6.0 as-well.

2010-02-16 17:02:00 657

Repost: RealNetworks Helix Server URI Traversal Arbitrary File Access

RealNetworks Helix Server URI Traversal Arbitrary File Access Vendor: RealNetworks (http://www.realnetworks.com/) Product: Helix Server (http://www.realnetworks.com/products/media_delivery.html)

2010-02-14 17:07:00 855

Original: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century

http://www.informit.com/store/product.aspx?isbn=0321591801

2010-02-13 12:44:00 611

Repost: Durzosploit javascript exploits

http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction

2010-02-13 12:22:00 446

Repost: whois.com was hacked

The popular website WHOIS.com used to check the availability of domain names and the current owner of a domain name has been hacked by NetDevilz Same guys that have hacked iana.com and xssed.com And n

2010-02-13 11:45:00 733

Attachment 2: Guidelines for Information Security Classified Protection Assessment of Financial Industry Information Systems (Draft for Approval)

2013-06-21

ISO 27000 Chinese series

The ISO 27000 Chinese series mainly includes ISO 27001, the ISO 27002 implementation guide, and the ISO 27003 risk assessment guide

2010-07-04
