koobface worm

139 email worm compiling example Author: [sh0wrun], [woyigui] Date: 2009-09-09 Disclaimer: the vulnerability has been reported and repaired. Do not use it for illegal purposes. Principle Analysis: We often use mail.139.com, which is prone to xss vulnerabilities due to lax filtering of mail bodies. Although they implement Filtering for style = "xss: expression", they can bypass it by adding/**/, for example :. After adding/**/, the script can be execut

1. Since it is a CSRF worm, it must have been a problem on Weibo! Here: POST http://t.163.com/share/retweet HTTP/1.1 Host: t.163.comProxy-Connection: keep-aliveContent-Length: 439 Origin: http://t.163.comUser-Agent : Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.20.1.97 Safari/537.11Content-Type: application/x-www-form-urlencodedAccept: */* Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN, zh; q = 0.8Accept-

QQ Sticky worm Generator-asp backstage Collection No kill version650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/86/5D/wKioL1e9K6LiSjKAAABkNg6S9kY527.png-wh_500x0-wm_3 -wmp_4-s_1967406017.png "style=" Float:none; "title=" QQ sticky worm generator-asp background receiver. png "alt=" Wkiol1e9k6lisjkaaabkng6s9ky527.png-wh_50 "/>650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/86/5D/wKiom1e

According to akonix, security experts warned that a new type of worm has recently emerged.ProgramRelease.The name of the virus is kelvir. Hi, which uses the language of the Computer Host to automatically adjust the language type of the information to find new victims. Akonix claims that when the worm is infected with a system, it sends a message that is sent to everyone through the contact list of the victi

National Computer virus Emergency treatment center through the monitoring of the internet found "Eni" complex virus. The virus is capable of transmitting itself through vulnerabilities in Microsoft Windows system ANI (dynamic cursor) file handling, infection with normal executables and local Web page files, sending e-mail, and infecting USB drives and Removable storage media. and infected with the virus, will automatically download the Trojan horse program, causing greater harm. The

SQL worms have always been a headache for corporate network administrators, many times if the Etherpeek for ports 1433, 1434 grab packets will find that many users do not have SQL Server installed on the computer, but can still monitor the worm through 1433 ports to the outside a large number of contracts. In general, Microsoft's desktop database MSDE may also infect the worm. Look at the Sqlsnake worms, a

The typical action of XSS Worm is to simulate the submission process of normal forms. I think it is necessary for me to revise my previous articles (put them on hold for now ). The most common form submission process is the XHR object. Generally, the POST type is used for submission (GET type is very simple and you don't need to mention it here ). That is, I want to use the following function: Function _ 3or7 (_ m, _ s, _ ){_ X. open (_ m, _ s, false

http://acm.hdu.edu.cn/showproblem.php?pid=2151WormTime limit:1000/1000 MS (java/others) Memory limit:32768/32768 K (java/others)Total submission (s): 3403 Accepted Submission (s): 2194Problem description Since seeing the price of Christmas Eve Apple, Lele in his house horizontally planted a row of apple trees, a total of n trees.Suddenly Lele found a caterpillar on the left P tree (counting starting from 1). In order to see the caterpillar become a butterfly process, Lele at the apple tree to ob

1715: [Usaco2006 dec]wormholes Wormhole time limit:5 Sec Memory limit:64 MBsubmit:501 solved:278[Submit] [Status] [Discuss] DescriptionJohn found a lot of wormholes as he wandered around his farm. A wormhole can be seen as a very peculiar, forward-edged, and can return you to a moment in the past (before you enter the wormhole). Each of John's farms has a M-path (no edge) connected to n (from 1. N) block, and have a W worm hole. Which 1Input*

Last week, the company found the downadup. B Worm (also called Conficker ). After analyzing the computer with viruses, the computer room summarizes the following verifiable features: · Create a registry key:HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ applets \ "DL" = "0"HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ applets \ "DL" = "0"HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersi

://PAN.BAIDU.COM/S/1JGIOPQM, can detect memory leaks, handle leaks. The above-written demo use, it really reflects the incident leak point, feel good. Then put the problem module into use. Inject a mistake, said the debugging process has been loaded Dbghelp.dll. That is the point mentioned above, no fruit.Want to go, and then simply on a 64bit WinDbg, in debugging 32bit demo,!htrace-diff actually show a few lines of stack, switch to x86 mode display, indeed show the createevent words, instantly

A mssql worm code by ha0k The following is a hexadecimal conversion. the decoded file is in the lower part. this statement inserts a JS code at the end of each file on the website. --------------------------------------------------------------------------------- '; DECLARE % 20 @ S % 20 NVARCHAR (4000); SET % 20 @ S = CAST (upper (4000); EXEC (@ S );-- --------------------------------------------------------------------------------- -----------------

I do not understand this is not a worm, can only use the ID of the known SessionId to launch? Id = 29869663592644772 insert XSS in comments to get cookies. The password in cookies is encrypted by hash twice, which is not easy to solve. However, it is lucky to log on to a VIP directly with veterans.Post comment, id = [Post ID] uid = [user id, but only SessionId is required during the test. This parameter can be deleted] sid = [SessionId] con = [comm

Discuz 7.2 storage-type XSS, capable of writing worm propagation. The discuz 7.2 personal space posts a blog, the default administrator can edit the source code, but the administrator can set permissions in the background to allow normal users to edit.This vulnerability exists in XSS, and worms can be programmed for propagation. The hash value of each user's form can be obtained in html without considering the salt. Proof of vulnerability: When discuz

supplementary explanations and so on. This section is only used when you need to know or supplement the article, and you can generally disregard it.:)In addition, for general academic papers, you go through the above steps, you can basically complete the reading of the article. Perhaps you will ask: What is the most critical part--the text does not look? In fact, the problem is here, at the beginning of the paper, often is this stuck, always do not pass. For the text, we want to distinguish how

Link: click here~~Test instructionsThe problem is that a bug falls in an n-length well, and then it can climb the U-length every minute, then take a minute to rest, during which time it falls off D and asks how long it will take to get out of the well.Simple simulation:Code:#include "Greedy topic" HDU 1049 Climbing Worm (well-climbing fun problem)

Simple Analysis of MA worm. win32.agent. IMH hanging on the Literature Forum EndurerOriginal1Version I failed to download the horse from the literature forum yesterday. I tried again and finally downloaded it. Ga.exe uses the UPX Shell Before shelling:File Description: D:/test/ga.exeAttribute: ---An error occurred while obtaining the file version information!Creation Time:Modification time:Access time:Size: 16933 bytes, 16.549 KBMD5: 72525ccb22d2f

The solution of different or equations of Gaussian elimination element1#include 2#include 3#include 4#include 5#include 6#include 7#include 8#include 9 Ten using namespacestd; One A intN,m,ans; - Charstr[1100]; -bitset1100> a[2100]; the - voidGauss () - { - intI,j,k,cur=0; + for(i=1; ii) - { +cur++;j=cur; A while(!a[j][i] j; at if(j==m+1) {ans=-1;return ;} - Elseans=Max (ans,j); - if(j!=cur) swap (a[j],a[cur]); - for(k=1; kk) -

The horse on the literature forum becomes worm. win32.qqpass. A/0.exe EndurerOriginal1Version Check that the webpage contains code:/------/ Hxxp: // www. y * Oyo * 5*9 ***. com/M ** 6 * 8.htm? Id = 907Code included:/---123---/ 00. jsContent:/---Eval ("/146/165... (Omitted )... /40/175 ")---/ The decrypted code function is downloadHxxp: // www. * down * 8 ** 9.com/0.exe, Save to % WINDIR %, the file name is defined by the function:/---Function Gn (tnv1

Kapsersky reportsTrojan-PSW.Win32.OnLineGames.fqThe rising report isTrojan. mnless. LXV In addition, C:/Documents and Settings/Administrator found that: C:/Documents and Settings/Administrator/msinfo. vbs content:/---Set shell = Createobject ("wscript. Shell ")Shell. Run ("msinfo.exe ")Set shell = nothing---/ File Description: C:/Documents ents and settings/Administrator/msinfo.exeAttribute: ---An error occurred while obtaining the file version information!Creation Time: 8:50:55Modification tim