Blind injection defects and repair in all SiteGenius versions

SiteGenius Blind SQL injection vulnerability # Exploit title: SiteGenius Blind SQL injection

Dedecms new 0day: WEBSHELL can be used directly without entering the background

By: jannock. All the data transmitted over the Internet means that the backend can be used only when the plus directory exists, and the server can be connected externally, the shell can be used. Prerequisites: You must prepare your own dede database

Tencent Weibo reflected XSS vulnerability and repair

Brief description: After clicking a specific content on Weibo, you can call an external JS file on the current page. (No account yet, leave a nickname) -- by gainover 2011/7/13 Detailed description: Cause of the vulnerability: When music is inserted

Shopex easy distribution system geshell vulnerability and repair

Brief description: This vulnerability allows you to directly execute any PHP script file in the background, directly obtain webshell, and obtain the permissions of the entire server. Detailed description: First register an account in http://shop.

Asp.net + mysql background blind Injection

Background login injection points, but the tragedy is that no echo can only be blind. What's even more tragic is that the mysql database version is version 5! But fortunately, the site is the asp.net program that can display some information after

What should I do if I cannot find the path for the backend upload asa IN THE eWebEditor?

Generally, after the eweb uploads the shell, click "source code" to see the path. However, the situation here is a bit special. It is incorrect to copy the path shown above directly. In this case, you can go to the style editing page to check the

Cross-reflection xss (analysis process) of all child stations in Clove Garden

The search box in the clove garden is quite strange. When I encounter so many search boxes, some special characters such as <> or " are filtered out. Only a few sub-sites (many, almost all affected) are not filtered. Affected sites:

A5 latency of SQL Injection in a website

Http://3g.admin5.com /? Appid = 330051% 27% 20and % 20 sleep % 282% 29% 3d % 27 & host = admin5.com & src = http://bbs.admin5.com/forum.php? Mod = viewthread & tid = 10112420 http://3g.admin5.com /? Appid = 330051% 27% 20and % 20 sleep % 281% 29% 3d

Baidu homepage reflection semi-automatic storage xss

Chrome and ff are effective, IE is not tested, and Baidu users need to log on. When you search for more than two Chinese characters on the Baidu homepage, the search content and Pinyin will be written to the localstorage of the browser. When you

Log storage XSS-4 caused by a function defect in the QQ space

It is still a functional defect, and I am sorry for some old filtering errors made by developers. 1. The template log shows that there is such a player. Add a song to the player, send a log at will, and capture packets at the same time. 2. We

OPPO modifies any account password-2

1. Use the password retrieval function and enter the account you want to retrieve the password for. In this test, the official account "OPPO community" is used as an example to capture packets using the packet capture tool. The following data

Zhejiang green forest digital password retrieval Vulnerability (non-violent)

Submit for interception, POST http://www.lusen.com:80/Member/RetrievePassword.aspx HTTP/1.1 Host: www.lusen.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0 Accept: text/html, application/xhtml+xml,

About the zero-day vulnerability of IPB caused by mysql Truncation

First post the original article: http://www.bkjia.com/Article/201305/211043.html This is a good vulnerability, not how widely IPB is currently using (although it was still widely used in my time, sigh, so old). However, the main advantage of this

How can I find the 58 local back-end

I am the first to collect information. See the picture, you know. Some background files are deleted in the afternoon, and you are too lazy to manage them. In the background of the OA system, excessive authority is allowed to view a lot of sensitive

Security issues that may be referenced when comparing php characters with double equals

Title party! The article is short. Haha! I studied php before. Php automatically performs similar conversions. This is a feature of php, not known as 0-day, Perl. Directly cutting the text, everyone who learns php knows the difference between "="

Python script for pseudo-static Injection

At present, many websites have done Rewrite, such /?id=1 /1 /1111.php. Under the general trend, the attack threshold gradually increases. In this way, there are advantages and disadvantages. Those who like to study will go deep into it. On the other

Yizhong mail (Yiyou mail) Official Information Technology website fell into the background

First, the website's main site has a feedback. Then I inserted the code at will. However. The dedecms page is displayed after successful submission. Then I will know. It must have failed. Open data/admin/ver.txt and find that the version is very old.

Php webshell Deformation Detection

1. Modify webshell. Webshell, such as eval($_POST[]), is familiar to everyone. In recent years, many variants have been derived based on common webshells, increasing the difficulty of detection. Let's take a look at several samples taken from the

Tencent Weibo uses the gsid permission to bypass and hijack others' Weibo posts

You can use another Weibo account to send Weibo messages by modifying the sid. First, log on to t.3g.qq.com and click the home page. I found my own URL with sid... Then Baidu finds a sid at will. This id should have a retention period, because some

On the Concept of cloud WAF bypass such as quickshield

Recently, we have been engaged in some web security issues, but we still have some gains. Actually, I am not a hacker. I am really a white hat. Today, we are going to penetrate a website. We have used several traditional injection methods and found
