Cloud Security

  Author: constandingEach student may encounter an error message when uploading the aspx Trojan and cannot execute the cmd command or IISSPY. For example:Figure 1] I believe many people do not understand the principles. Let me talk about it.First,

One day, a web design friend sent me a website (www. ba *******. net) and asked me how I felt? Isn't the website well designed? I clearly know that I am not very good at art, especially in aesthetic design, but I am still sending it, but now I have

Today, I am engaged in an edu with a hacker, and I am very sad to urge the webmaster. I installed ke Xun 6.5 just a while ago. Now I am directly burst into Chrysanthemum... T00ls's Daniel only provides the method of exploits. I cracked md5, but I

Brief description: on a log page, the first line of Wood All error logs are recorded there. Including the absolute website pathDetails:/caches/error_log.phpThis is a situation where the trojan cannot be added in the first line. . In this way,

Nowadays, virtual hosts are becoming more and more secure. Although they cannot directly go to the target website directory, they can read the SessionThe following is a demonstration: localtest1.safe121.com and localtest2.safe121.com.Assume that we

Brief description: Smarty is a widely used front-end template framework in PHP. However, because Smarty3 introduces new features, in some cases, you can use feature combinations to directly execute arbitrary code remotely. Detailed description:

In fact, there have been many articles about mysql injection on the Internet ~ But there is still a lack of emphasis ~ Use into outfile to write the code to the web directory and obtain WEBSHELL.First, three innate conditions are required. ① Know

What is SQL injection? Many website programs do not judge the validity of user input data when writing, which poses security risks to applications. You can submit a piece of database query code (usually in the address bar of a browser and access

From: black box of RAyh4c The uckey is exposed across databases and is queried across databases to the ucenter. I will not go into details here.     Number of databases exposed Profilesubmit = 1 & formhash = 232d1c54 & info [A', (select 1 from

Title: WordPress UnGallery plugin Author: Miroslav Stampar (miroslav. stampar (at) gmail.com @ stamparm): Http://downloads.wordpress.org/plugin/ungallery.1.5.8.zipTested version: 1.5.8 ---Test Method---#! /Bin/python Import urllib2 FILEPATH =

The problem is in buy a good network of mobile phone shopping site: http://m.17mh.com A. Any brush money, instantly turned high handsome rich! 1) register a user, log on to the site, start shopping, watch the computer for a long time rough skin, buy

#! /Bin/sh # Exploit Title: Kloxo Local Privilege Escalation # Google Dork: inurl: kiddies # Date: August 2012 or so # Exploit Author: HTP # Vendor Homepage: http://lxcenter.org/# Software Link: [download link if available] # Version: 6.1.6 (Latest)

Sina pass logon. After tests, this xss does not affect Sina Weibo. It can affect all products under the sina.com.cn domain name. The defect location is limited to 20 bytes (actually 18 bytes ), through some construction, attackers can call arbitrary

Author: President @ shadow team (www.anying.org) must indicate the author and team website.In the past, the simple sister wrote "still a GetShell" to write IIS7.5 + DZ using parsing to generate a horse GetShell Article address:

This is not an era in which XSS vulnerabilities are prevalent. This vulnerability has little harm, The problem actually exists but has little impact. Vulnerability exploitation address: http://list.daquan.xunlei.com/feedback/collect.php? Callback =

Today, I met a WAF with a red umbrella. I tested it and found that many of them intercepted it. However, any WAF is not omnipotent. In this regard, the waf I found a defect. For example, there is no matching policy on Characters in size. I can

This vulnerability is in account management and is a logical issue. The 11 account of jianxin is punking. Obtain the punking id from the recording center as 301098178 Logon account management. Click Change Password and capture packets. Change the id_

After the video is uploaded, the file is submitted, captured, modified, submitted, and directly returned to the file path. On the upload page, a kitchen knife is displayed to connect to the database and use it for SA. The SA user can execute system

. The SiteServer cms on the net platform has powerful functions but has many problems. The cookis found to be a test, in version 3.44 and later versions, a local environment is created, and then the system logs in to capture and manage cookis, and

I submitted a report on the April 13 vulnerability platform in 360, and provided a tool to calculate db_pscode. Db_pscode is a String constant randomly generated during installation and saved in the configuration file. On July 6, April 22, the new