[Reposted] FCKeditor local test.html
FCKeditor helper by jacksfunction BuildBaseUrl( sUrl,command ){if(sUrl.indexOf("http://")return sUrl+document.getElementById('cmbConnector').value +'?Command=' + command +'&Type=' + documen
2012-04-26 10:58:45 1249
[Reposted] Application Security Logging
How to Do Application Logging Right is the best guidance I have come across to date. Co-written by Anton Chuvakin and Gunnar Peterson for the IEEE Security & Privacy Journal, the paper describes the
2012-04-25 16:48:40 869
[Reposted] Penetration testing mind map posted by 影子
http://hi.baidu.com/p3rlish/blog/item/51c448399f4c02d33a87cee0.html
2012-04-23 20:47:57 965
[Reposted] XSS Shortening Cheatsheet
In the course of a recent assessment of a web application, I ran into an interesting problem. I found XSS on a page, but the field was limited (yes, on the server side) to 20 characters. Of course I c
2012-04-23 20:27:10 787
[Reposted] PhpMyAdmin setup.php RFI Attacks Detected
SpiderLabs is the corporate sponsor of the WASC Distributed Web Honeypots Project which is an awesome research project to identify automated web attacks. I was looking in our central ModSecurity A
2012-04-23 20:19:34 1757 1
[Reposted] NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account
http://www.darknet.org.uk/2012/04/nfspy-id-spoofing-nfs-client-tool-mount-nfs-shares-without-account/ https://github.com/bonsaiviking/NfSpy
2012-04-23 20:15:56 901
[Reposted] McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
http://packetstormsecurity.org/files/111842/McAfee-Web-Gateway-And-Squid-Proxy-3.1.19-Bypass.html # Exploit Title: Proxy URL Filtering Bypass # Date: 13/04/2012 # Author: Gabriel Menezes Nunes #
2012-04-18 10:15:09 2711
[Original] SOURCE conference archive (including videos)
http://www.sourceconference.com/archive/ http://www.irongeek.com/i.php?page=videos%2Fnotacon9%2Fmainlist&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+IrongeeksSecuritySite+%28Irongeek%2
2012-04-18 09:47:17 889
[Reposted] DOM XSS scanner
http://code.google.com/p/ra2-dom-xss-scanner/downloads/detail?name=ra.two.xpi&can=2&q=
2012-04-18 09:43:53 911
[Original] Database attack and defense practice and SOX security auditing
http://security.ctocio.com.cn/39/12311539.shtml http://tech.it168.com/a2012/0414/1337/000001337417.shtml http://netsecurity.51cto.com/art/201204/331272.htm
2012-04-17 16:53:59 1026
[Reposted] Using the annotation-driven IoC features of Spring 2.5
http://www.ibm.com/developerworks/cn/java/j-lo-spring25-ioc/
2012-04-17 10:37:34 656
[Reposted] Current O2 support for analyzing Spring MVC
During the past week I spent some time documenting O2's support for Spring MVC apps. There is still quite a lot to do before we can do a proper security analysis of the JPetStore and PetClini
2012-04-17 09:12:48 717
[Reposted] Slide Show: 10 SQL Injection Tools For Database Pwnage
http://www.darkreading.com/galleries/security/news/232900180/slide-show-10-sql-injection-tools-for-database-pwnage.html
2012-04-17 09:06:59 1078
[Reposted] How iBatis automatically prevents SQL injection
#xxx# means that xxx is a property value (a key in the map, or a property of your POJO object); iBatis automatically wraps it in quotes, so the SQL statement looks like where xxx = 'xxx' ; (1) iBatis XML configuration: the following form only performs a simple substitution: name like '%$name$%' (2) This leads to an SQL injection problem; for example, if the name parameter is passed a single quote "'", the generated SQL statement becomes: name
2012-04-16 21:57:51 12245 3
[Reposted] Spring + iBatis integrated development example
http://blog.csdn.net/daryl715/article/details/1760793 First create the demo database (this article uses MySQL). Database script: CREATE TABLE `ibatis` ( `id` varchar(20) NOT NULL, `name` varchar(20) default NULL, PRIMARY KEY
2012-04-16 11:16:04 1067
[Reposted] Learning iBatis (3): integrating iBatis with Spring
http://www.blogjava.net/freeman1984/archive/2007/12/07/166112.html http://www.cnblogs.com/kelin1314/archive/2009/01/05/1369864.html
2012-04-16 10:59:33 806
[Reposted] Finding Java web vulnerabilities from a layered-architecture perspective
[IT168 feature] Web applications (websites) are currently the most widely deployed kind of program, but developers' skill levels vary widely, which has led to all sorts of web vulnerabilities. This article takes the perspective of a layered architecture and analyzes how to find the various vulnerabilities that can appear in Java web programs. It discusses only vulnerabilities in the web program itself, which are relatively independent of other vulnerabilities. That sentence may sound trivial, but it actually points to a factor that is often overlooked, namely: "Many people think that as long as the web program I develop has no vulnerabilities, the web server
2012-04-16 10:35:03 1022
[Reposted] Strong JSP defenses against SQL injection attacks
The first approach uses precompiled statements (PreparedStatement), which have built-in protection against SQL injection; just pass values through its setString method: String sql= "select * from users where username=? and password=?";PreparedStatement preState = conn.prepareStatement(sql);preState.setString(1, us
2012-04-16 10:32:28 5630 2
[Reposted] Oracle data security solutions series: installing Database Vault
http://space.itpub.net/3704/viewspace-559855 http://www.red-database-security.com/wp/installing_oracle_datavault.pdf What are the hot topics in security right now? A quick search shows: SOX, Basel II, HIPAA, J-SOX, GLB, Privacy laws
2012-04-14 14:24:49 3812
[Reposted] SQL Server 2008 injection notes
select top 1 oid,name from(select top 1 oid,name from [active].[order] order by oid) t order by oid desc for xml raw select%20top%201%20name%20from(select%20top%201%20name%20from%20[order]%20order
2012-04-12 23:44:24 1385
[Reposted] SQL Server 2005/2008 manual injection: bulk data extraction with FOR XML PATH
http://www.cqsec.com/read/SQL2005_2008_Injection_By_Hand_For_XML_Path
2012-04-12 18:25:55 1020
[Reposted] Drupal FCKEditor/CKEditor PHP Execution
http://packetstormsecurity.org/files/111157/Drupal-FCKEditor-CKEditor-PHP-Execution.html
2012-04-10 13:50:26 845
[Reposted] Liferay Java code execution
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_Liferay http://www.exploit-db.com/exploits/18715/ http://prezi.com/eq54nnaodlzm/berlinsides-0x02-xml-related-hacks/
2012-04-10 11:57:00 844
[Reposted] Snort 2 DCE/RPC preprocessor Buffer Overflow
http://www.exploit-db.com/exploits/18723/
2012-04-10 10:03:53 897
[Reposted] Fusker - A NodeJS Security Framework
http://www.slideshare.net/wearefractal/fusker-a-nodejs-security-framework-8850586 http://bishankochher.blogspot.com/2011/12/nodejs-security-good-bad-and-ugly.html
2012-04-09 15:50:06 1809
[Reposted] SQL Injection through HTTP Headers
http://resources.infosecinstitute.com/sql-injection-http-headers/
2012-04-09 09:43:24 584
[Reposted] Oracle attack module
https://github.com/carnal0wnage/carnal0wnage-code/tree/master/oraclemodules_public
2012-04-06 14:10:37 650
[Reposted] Http-Only is not secure [testing]
It's been a while since I posted. I've been bogged down with code reviews and training, but even when you deliver training you learn something new. This is particularly true when training developers k
2012-04-06 13:40:59 998
[Original] automation SDLC
1. construction: CWE, CAPEC, CCR 2. verification: CWE, CWRAF, CWSS, CAPEC, CCR 3. deployment: SCAP, CVE, OVAL http://measurablesecurity.mitre.org/
2012-04-04 21:58:26 620
[Reposted] Expression Language injection
http://www.wisec.it/sectou.php?id=4e6e1cae16dc7 https://www.aspectsecurity.com/uploads/downloads/2011/09/ExpressionLanguageInjection.pdf
2012-04-04 16:35:24 2661
[Original] Supporting the book written by simeon and Frank
Web渗透技术及实战案例解析 (Web Penetration Techniques and Practical Case Analysis) http://www.phei.com.cn/module/goods/wssd_content.jsp?bookid=31659
2012-04-04 14:22:48 1029
[Reposted] HTML5 Top 10 Threats Stealth Attacks and Silent Exploits
HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and is able to execute Rich Internet Applications in the context of modern browser architecture. Int
2012-04-01 14:57:28 971 1
[Original] sqlmap GUI
This is an awesome sqlmap Python GUI made by xcedz. To make it work, get and install Python 2.7 and download the latest version of sqlmap-dev: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sq
2012-04-01 14:56:53 2122
[Original] SQL injection
http://code.google.com/p/sqlifuzzer/downloads/detail?name=sqlifuzzer-0.5h.tgz&can=2&q=
2012-04-01 13:53:44 643
[Reposted] OWASP Top 10 Tools and Tactics
http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/ http://www.techweb.com.cn/news/2011-03-31/1010553.shtml
2012-04-01 13:49:27 800