First, scan for vulnerabilities in the target. Scanned a lot of XSS
Find a test, pop up the window, you can use
We use code transcoding to avoid filtering by browser security policies.
Copy the transcoded code and combine it with the vulnerability address to generate a URL.
The access URL automatically jumps to the attack page on my server. Www.2cto.com
Open the Server Directory and find cook
Web Security Test XSS
XSS Full Name (Cross site scripting) Cross-site scripting attacks are the most common vulnerabilities in web programs. When an attacker embeds a client script (such as JavaScript) in a Web page, the script executes on the user's browser when the user browses to the Web page, thus achieving the attacker's purpose. For example, get the user's
What is cross-site scripting attack?
==============================
Attackers create a website. When a victim accesses the website, the browser client receives a malicious script.Code. The script code will be run after the victim's browser. because the browser downloads a script from a trusted site, it is impossible for the browser to identify whether the code is legal and Microsoft IE security zone cannot provide protection. this
There have been articles on cross-site scripting attacks and defense on the Internet, but with the advancement of attack technology, the previous views and theories on cross-site scripting attacks cannot meet the current attack and defense needs, and due to this confusion in understanding cross-site scripting, as a result, many programs, including the current dynamic network, have the problem of loose filte
When we access a webpage, we add parameters after the URL. The server constructs different HTML responses based on the request parameter values. For example, http: // localhost: 8080/prjWebSec/xss/reflectedXSS. jsp? Param = value... in the preceding example, the value may appear in the returned HTML (which may be the content or attribute of a JS or HTML element).
Baidu consortium code defects cause dom xss to exist for websites promoted by Baidu (in Tianya, 58 cities, and Ganji as an example)
The http://cpro.baidustatic.com/cpro/ui/c.js file is called with the following code:
Y Y("union/common/logic", [], function() { return {ze: function(e) { (e = e || "") (e = e.replace(/%u[\d|\w]{4}/g, function(e) { return encodeURICompo
absolutely safe. For the X-Treasure password control, as long as an inline hook can be completely broken.Principle: Go to the browser's process memory space, Inline Hook live user32! setwindowshookexw/a function, analyze the parameters of the function, judge if the incoming module belongs to the target module and the hook type is a low-level keyboard hook, then call the original function, wait for the original function to return successfully, then call the original function set a low-level keyb
1. Tear Drop attack:
The modified IP packet is sent to the destination host, the length of the IP header is negative, the packet length is treated as unsigned integer, and the system attempts to replicate the extremely long packet, which may crash or restart
Detailed
For some large IP packets, it is often necessary to split the transmission, this is to meet the link layer of the MTU (maximum transmission unit) requirements. For
This article describes the PHP cross-station attack principle and prevention techniques. Share to everyone for your reference. The specific methods are analyzed as follows:
When a cross-site attack is made using some details or bugs in the program, how can we prevent a cross station attack? Here is an example to preve
PHP Prevent injection attack case analysis, PHP injection Example analysis
In this paper, the method of preventing injection attack by PHP is analyzed in detail. Share to everyone for your reference. The specific analysis is as follows:
PHP addslashes () function --single apostrophe plus slash escape
PHP String function
Definition and usage
The Addslashes () fun
0.
Here is an attack code written using this principle:
This code took nearly 88 seconds on my VPS (single cpu,512m memory), and CPU resources were almost exhausted during this time:
A common hash table of the same size is inserted for only 0.036 seconds:
It can be shown that the second code inserts n elements at an O (n) level, while the first attack code takes O (n^2)
CC Attack Reason
The principle of the CC attack is that the attacker controls some hosts to keep sending a large number of packets to the other server, causing the server to run out of resources until downtime crashes. CC is primarily used to attack pages, everyone has this experience: when a Web page visits a very large number of times, open the page is slow, C
Next we will take the release version as an example to illustrate the anatomy.
The key code for the EXE disassembly is as follows:
Function showcomputername:00401030: 8B 4C 24 04 mov ECx, dword ptr [esp + 4]
00401034: 83 EC 0C sub ESP, 0ch
00401037: 8d 44 24 00 Lea eax, [esp]
0040103b: 50 push eax
0040103c: 51 push ECx
0040103d: E8 be FF call 00401000
00401042: 83 C4 14 add ESP, 14 h
00401045: C3 RET
Main function:00401080: 68 30 50 40 00 push 405030
Transferred from: http://www.lijiejie.com/openssl-heartbleed-attack/ The openness and prevalence of the OpenSSL Heartbleed vulnerability has excited a lot of people and made others panic. From the point of view of attack, I already know that the online scanning tools are: 1. Nmap Script SSL-HEARTBLEED.NSE:HTTP://NMAP.ORG/NSEDOC/SCRIPTS/SSL-HEARTBLEED.HTMLNMAP-SV--script=ssl-heartbleed OpenSSL Heartbleed
Shen is a very practical tactic, ancient and modern, many military strategists, politicians, entrepreneurs are talking about this tactic, in the network attack and defense is no exception, system administrators will use such tactics. Because each network system has a security vulnerability, if it is of high value, these vulnerabilities can be exploited by intruders. Usually, people will take the initiative to make up for these vulnerabilities or flaws
This article mainly introduces the example of ARP attack code written in python. For more information, see Note: to use this script, you need to install the scapy package.
It is best to use it on the linux platform, because the scapy package always has various problems when installed on windows.
The code is as follows:
# Coding: UTF-8# Example: sudo python arp
STACK1 calls the stack structure of the F function as shown in:Copy the data to the BUF, and the results are as follows:When 0xffffd710 covers the position of the original EIP, the F function will bounce the 0xffffd710 out to the EIP when it returns, and the program is looking for the following program according to the EIP address.SummaryThis section describes the principle of buffer overflow vulnerability attacks, mainly modifying the value of EIP in the stack.Reference:http://blog.csdn.net/li
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.