Kangsheng's authcode function can be said to have made a significant contribution to the Chinese PHP community. Kangsheng's own products, and most Chinese companies that use PHP, use this function for encryption. authcode uses exclusive or
Fengxun foosun's registration file has a vulnerability. Hackers can use it to brute-force administrator accounts and passwords.
Vulnerability file: www.2cto.com/user/SetNextOptions.asp Simple method:
Brute-force the administrator
Author: Zui lie red dust
First, it should be noted that the purpose of spoofing access is not to deceive the server. It was originally thought that adding a Referer header to the XMLHTTP object would be fine, but the result would not work, as would
Reduta
You can learn from this article: What is DLL hijacking?
DLL hijacking is commonly used to crack reverse programs. We can also use it for Webshell Elevation of Privilege.
● Causes of DLL hijacking ●
Let's take a look at the causes of DLL
At night, I saw an FCKeditor all-version arbitrary file upload vulnerability on Weibo.
I am working on fckeditor using my framework recently.
Address: http://www.bkjia.com/Article/201108/99594.html
The result is basically meaningless (at least I
Outside: previous one: http://www.bkjia.com/Article/200903/36736.html
Lu renjia
Brief description: Ecmall makes a serious error by default. It bypasses the protection logic in the system and can contain arbitrary files for php code execution. Details:
When I opened it, I found that my number was blacklisted. The speed returned to the post. I was nervous. I found a system for the speed. Okay, I admit that I just read it, the array is not filtered and directly submitted to the query statement. The
In some large companies, mysql + php + apache is usually used, and Microsoft SQL Server injection is rarely used. During vulnerability processing or testing, for some valuable injection testing ideas and SQL statements, you can forget the text. Here,
Problem System: supplier system http://www.vans-china.cn repair is not complete, bypass login is repaired, post repair is not completely, from URL injection into a blind note, get N multi-data. Post parameter, USERNO. The post package is as follows:
Remember that the previous blog recorded an error injection Article {Injection Technique: how to inject and use mysql three error Modes}, Today I saw another, and then share it with everyone http://xxx.cn/qcwh/content/detail.php? Id = 330 & sid = 19
Fan scalping vulnerability! Supports CSRF and Home Page worms. Test only!
Currently, official V3 users are 3K+ users. For more information, see here.
Site: Http://demo.thinksns.com is still a demo, it is necessary to test.
The CSRF worm can be
URL: http://test.myoppo.com/bluesword/blue_sword.php? T = t_upload & Action = PostMsg
Someone has previously uploaded this file, but the Administrator has completed fixing the vulnerability .. Although the PHP file is forbidden, you can continue to
Such a strange name is a bit fresh in this article. Many cainiao like me don't know anything, so they know that the tool starts to crash. Go to the workshop after reading a tutorial. I don't understand anything. Let's analyze the principle of this
There is no parallel permission control. Soufangbang ERP: no parallel permission control is available for all modules of the real estate business management system. Other user modules can be operated and user accounts can be stolen.
Http://erp.soufun.
Write a cainiao article.
This website was launched on December 20 ,.
The time relationship is written only today.
Let's take a look at the website. The main site. I checked that there are no vulnerabilities. Take out the [Fans] Daniel wwwscan
MetInfo released the new version 5.1.5 on the 23rd and fixed the vulnerability mentioned in this Article. Of course, it should strictly be an arbitrary variable overwrite vulnerability .... ps: You are welcome to repost it in various forms. The
The latest dedecms variable overwrite vulnerability can control global variables, but cannot fully control $GLOBALS[$v1] .= $v2; note that the incremental content is added on the initialized global variable content. Currently, public