vulnerability patching

Recent work has been compiled shell script to the customer use, will inevitably encounter some sensitive information do not want to let customers know, so the SHC script encryption method compiled binary file submitted to the customer use, found that SHC encryption will appear to the fate of the vulnerability. This article describes the vulnerability method:SHC version: shc-3.8.3Shell script code Volume: 30

[TOC]Python3 Vulnerability Detection Tool--lanceLance, a simple version of the vulnerability detection framework based on PYTHON3.A simple version of vulnerability detection framework based on PYTHON3--LanceYou can customize the POC or exp plug-in to specify the POC or exp to be loaded.The code has been uploaded to Github:https://github.com/b4zinga/lanceScreensho

or FTP), but more often, people are using unsecured versions of these protocols. Some protocols, such as the mSQL database service, provide virtually no validation mechanism. It's a good idea for Web administrators to from outside the company and test and simulate attacks on their own websites to see what happens. Some services have been started in the default configuration after machine installation, or some services have been started due to installation and initial setup, and these service

IIS6.0 Parsing VulnerabilityUnder IIS6.0, there is a file " name. asp; name. jpg"Represents a jpg file that can be executed as a file of the ASP script type.Based on this parsing vulnerability, we can upload images of this name type, such as1.asp;xxx.jpg 他会忽略;后边的内容，所以文件相当于1.aspASP a word Trojan HorseAfter finding the uploaded path, you can connect directly with the chopper. If the file content detection, you have to use the picture of the horse.Someti

This may be due to a communication problem, which led to an STRUTS2 official understanding of the S2-012 vulnerability name I submitted, a vulnerability described as an example application of struts2, but Struts2 was patched according to the framework. And this s2-012 unexpectedly caused a series of murders.In fact, send this article, I am very annoyed, who has a 0day hand, covering a half-day, the results

Objective Hello everybody, good man is me, I am a good man, I am -0nise. We often see XSS vulnerabilities in each of the major vulnerability reporting platforms. So the question is, why is there such a loophole? How should this vulnerability be fixed? Body 1.XSS? Xss? What the hell is XSS? XSS is also called a cross-site scripting attack (Cross Site scripting), and I won't tell him that it was originall

Vulnerability Description: ImageMagick is an extensive and popular image processing software. Recently, the software has been a burst of remote code execution vulnerabilities, numbered cve-2016–3714. This vulnerability allows an attacker to execute arbitrary code on the target server by uploading a maliciously constructed image file. Due to the wide application of ImageMagick, it has been determ

My personal mailbox many times received cosmetics advertising mail, it does not feel like a poison, so point open connection to see, originally is a Sales cosmetics business website. Look prettier, just don't know how safe it is? Previously noted Providence Business Network, but this stranger, I do not know what the system (as shown in Figure 1). Figure 1 Habitually to see whether there is no upload, incredibly did not find any upload pictures or other Dongdong place. Do not forget, register

In June on the black defense to see "dynamic network 7.1 loopholes found in the world," a paper, said admin_postings.asp file exists injection loopholes, but the prerequisite is to have a super moderator or front desk administrator rights. I think of the previous discovery of the 7.x version of the network has a foreground privilege elevation loophole, just can be combined to use. This foreground privilege elevation vulnerability is valid for both acc

Microsoft Security Bulletin MS12-020-Vulnerability in critical Remote Desktop could allow Remote Code Execution (2671387) This security update resolves two secret-reporting vulnerabilities in the Remote Desktop protocol. If an attacker sends a series of specially crafted RDP packets to the affected system, the more serious vulnerability in these vulnerabilities could allow remote code execution. By default,

Solve the 6, ASP Program Password Verification Vulnerability Vulnerability Description: Many web sites put passwords into the database and use the following SQL for login verification (for example, ASP) Sql= "SELECT * from user where username= '" username "' and Pass= '" Pass ' " At this point, you simply construct a special username and password based on SQL, such as: Ben ' or ' 1 ' = ' 1 You can go to

XXe The reason why the vulnerability cannot be reproduced The main problem is simplexml_load_file this function, in the old version is the default parsing entity, but in the new version, no longer the default parsing entity, you need to specify in the Simplexml_load_file function The third parameter is libxml_noent, Otherwise, the entity will not be parsed. XXe Entity injection detailed 0x00 background XXE injection is the XML External entity inject

Reference:Http://wooyun.jozxing.cc/static/bugs/wooyun-2014-059911.htmlHttp://bobao.360.cn/learning/detail/3841.htmlhttp://blog.csdn.net/u011721501/article/details/43775691http://thief.one/2017/06/20/1/The vulnerability is usually too small, and the impression is that it starts with X, presumably in relation to XML. Reference: http://thief.one/2017/06/20/1/ XXe vulnerability full name XML External entity inj

before learning to infiltrate, although also played the Universal password SQL Injection Vulnerability landing site backstage, but only will use, do not understand its principle. Today learning C # Database This piece, just learned this knowledge, just understand the original is how.Well-known universal password SQL Injection vulnerability, we believe very familiar with.Do not understand the simple understa

first, the steps of SQL injectionA) to find injection points (such as: Login interface, message board, etc.)b) The user constructs the SQL statement (for example: ' or 1=1#, which is explained later)c) Send SQL statements to the database management system (DBMS)D) The DBMS receives the request and interprets the request as a machine code instruction to perform the necessary access operationse) The DBMS accepts the returned result and processes it back to the userBecause the user constructs a spe

home:www.errs.cc$dsql->executenonequery ("UPDATE ' #@__guestbook ' SET ' msg ' = ' $msg ', ' posttime ' = '". Time (). "' WHERE id= ' $id ');ShowMsg ("Successful change or reply to a message! ", $GUEST _book_pos);Exit ();}home:www.errs.ccif ($g _isadmin){$row = $dsql->getone ("select * from ' #@__guestbook ' WHERE id= ' $id '");Require_once (dedetemplate. ' /plus/guestbook-admin.htm ');}Else{$row = $dsql->getone ("Select Id,title from ' #@__guestbook ' WHERE id= ' $id '");Require_once (dedetemp

This article and its attachments are published in the PostgreSQL Protocol. A friend once asked how to clear the cache. Without this function, it is very inconvenient to test. I made a patch This article and its attachments are published in the

This article and its attachments are published in the PostgreSQL Protocol A friend once asked how to clear the cache. Without this function, it is very inconvenient to test. I have made a patch. For more information, see the attachment. Provide

Ef-the latter tale. Introduction Note:Http://snow.2dgal.com/g_intro.php? Id = 11   Not a fairy tale. Following popular works", MinoriChallenge the new interactive novel "ef-A fairy tale of the two .』. Chapter 6: the second part of the story,

Game name: Xiu xianxiang-See you lover- Production Company: teatime Release date:   For this game, it is recommended that you compile it on the UI in Chinese.I think teatime's current game is far better than club I. Teatime Chinese is