Cloud Security

Today, I took a foreign site, LAMP environment, and read files using load_file. It cannot be displayed. Neither can I use substring. I don't know if it is related to encoding. Later, I checked the Internet and found an article reading sam with

Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phpcollab.html Product: phpCollab Vendor: phpCollab Team (http://www.php-collab.org /) Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type:

5up3rh3iblog Http://www.80vul.com/test/gflashtoxml.htm   Code: the principle is that ExternalInterface is called through uploaderapi2.swf. call to determine the gmail logon status by judging the _ flash _ toXML function. Of course, the

SoftXMLCMS is an XML-based content management system. SoftXMLCMS has a file upload vulnerability, which may allow attackers to upload webshells. [+] Info:~~~~~~~~~SoftXMLCMS Shell Upload Vulnerability [+] Poc:~~~~~~~~~=== [Exploit] ===Asp "> http:/

By: Red Snow Official: http://www.chpanshi.net/ Ver: asp Enterprise Edition with the same background structure. This is not technical, it is just an experience. Don't scold me. (Thank you for Alan's upx8 invitation code) When you open a website,

================================== Vulnerability ID: HTB22946 Reference: http://www.htbridge.ch/advisory/multiple_ SQL _injection_in_ajax_category_dropdown_wordpress_plugin.html Product: Ajax Category Dropdown wordpress plugin Vendor:

Author: Mr. DzYAdded association between style and site table;Background: if admin/login. asp does not exist, you can guess it. Injection point: http://www.bkjia.com/index.asp? Subsite = 1Add the table name: dcore_user column name: user_admin

Brief description: The Save method of the ReportAll. ocx control does not filter the file name path, and any file overwrite vulnerability exists, Detailed Description: The Save method of the ReportAll. ocx control does not filter file name paths,

Brief description: JSP + ORACLEHttp://www.lib.tsinghua.edu.cn/homepage/announce_view.jsp? Id = 2217% 27 + or + 1% 3Dutl_inaddr.get_host_address % 28% 28% 28 select + distinct + chr % 28126% 29% 7C % 7 Cchr % 2839% 29% 7C % 7 Ccast % 28table_name +

# Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS # Date: # Author: Saif El-Sherei # Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip # Version: 1.4.0.3 latest updated 2011-4-19 #

Black blog Today, a website is detected to have a default message Book database. Microsoft VBScript compiler error 800a040e The loop statement lacks do. /Data. asp, row 474 Loop A few days ago, I created an ART2008CMS background, I have never found

Painful belief You can take a look at this article: http://www.bkjia.com/Article/201102/83165.html I recently published my thesis on how to inject vulnerabilities. I used to help my friends get PHP anti-injection. I think it is still a habit to do

First, the space server is the IIs7.0 script of win2008 system that supports asp asp.net (aspx) First, we assume that the Bypass Station is intruded and try to escalate the permission. Of course, I am saving a lot of things myself. ftp transfers an

1. You need to set the readable and writable html directories as data, templets, uploads, a, or 5.3;   2. You need to set the readable and executable directories that cannot be written to: include, member, plus, background management directory

DodeCMS was developed by Liaoning chengchuang Network Technology Co., Ltd. based on Microsoft ASP and general ACCESS database;The access mode adopts the dynamic mode, which basically realizes the custom functions of the system. The code is concise

# Exploit Title: Glasstree # Author: Caddy-Dz# Facebook Page: www.facebook.com/islam.caddy# E-mail: islam_babia@hotmail.com | Caddy-Dz@exploit-id.com# Category: webapps# Google Dork: intext: "powered by Glasstree.com" inurl:. asp? =# Tested on:

#------------------------------------------------------------------------ # Software ...... NoticeBoardPro 1.0 # Vulnerability ...... SQL Injection # Threat Level ...... Critical (4/5) # Download ...... http://www.NoticeBoardPro.com/ # Discovery

The path of the load_file () function used for mysql data injection to view its files:  1. replace (load_file (0x2F6574632F706173737764), 0x3c, 0x20)2. replace (load_file (char (47,101,116, 115,115,119,100,), char (60), char (32 ))The above two

##### Exploit Title: InHouse CMS # Author: Caddy-Dz# Facebook Page: www.facebook.com/islam.caddy# E-mail: islam_babia@hotmail.com | Caddy-Dz@exploit-id.com# Category: webapps# Google Dork: intext: "powered by InHouse CMS"# Tested on: [Windows Vista

// Obtain the table name, number of rows, and occupied spaceSELECT relname, reltuples, relpages * 8/1024 AS "MB" FROM pg_class order by relpages DESC;// Obtain the table's priamry keySelect column_name from information_schema.constraint_column_usage