Cloud Security

 Title: Site by Redlab Multiple VulnerabilitiesHttp://www.redlab.net/www.2cto.comAuthor: tempe_mendoan devilzc0de.tempe@gmail.com ######################################## ######=== [Test method] === [»]

Today, tcpper asked me to help test a url and it seems that Microsoft has made some restrictions on the utf-7 bom in a patch. Test in win7 + ie8: The encoding sequence for ie to identify webpages is still charset in bom> server content-type ......

First, you need to get a webshell. In this way, most of the files that connect to the database are conn. the asp file contains the mssql user and password. You need to find the user name, password, and IP address of the database, and then connect to

Now I want to talk about the 40-bit Decryption Method to everyone about the 40-bit encrypted data. In fact, it is still MD5 encryption, but some changes have been made:Take admin as an example,Admin's 16-bit and 32-bit ciphertext:7a57a5a743894a0e2123

Title: WordPress oQey Gallery plugin Author: Miroslav Stampar (miroslav. stampar (at) gmail.com @ stamparm): Http://downloads.wordpress.org/plugin/oqey-gallery.0.4.8.zipAffected Version: 0.4.8 (tested)Prerequisites: magic_quotes has to be turned off 

Title: AM4SS Version 1.2-CSRF add Admin: Http://am4ss.org/am4ss.tar.gz Affected Versions: 1.2: By red virus> c3o@w.cn # Homepage: www.alm3refh.com www.2cto.com

Trust Access injection points are the most visible to everyone. The common perfunctory method is:Guess the table's guess content --- MD5 --- go to the mountains --- view upload, backup, set information and so on --- upload WEBSEHLL --- Elevation of

Author: constandingThis article means. If conditions permit, rewrite web. config to obtain permissions. My introduction to the principles of error messages during the execution of the aspx Trojan attracted a lot of discussions. Later, the backerhack

  By: xiaoCon Don't shoot bricks for the first time.   The following is a reference clip: // Search word preprocessing $ Searchword = empty ($ searchword )? ": Cutstr (trim ($ searchword), 50 ,"); $ _ Da ['searchword'] = $ searchword; If ($

  In a post bar, I found that a post was used for voting. It was said that I had a voting software, but I couldn't find the voting address and asked me to help analyze it.Follow the address he gave and briefly read the website.There is a management

  As for why black quotes are required, this is not black, but hijacking. First, rices's super social engineering approach Know these materials and common passwords I tried to access his dnspod account, I tried several of the results, but all

  Solution:Add an access password to the jmx-console 1. Find the jmx-console.war www.2cto.com directory edit WEB-INF/web. xml file under $ {jboss. server. home. dir}/deploy to remove the comments of the security-constraint block so that it works 2

Title: Vivvo CMS-Local File include!Author: JaBrOtxHaCkEr www.2cto.com E ~ Mail My ^ v7_@hotmail.com ^!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!Defect Program**************************************** ****************************Vivvo CMS is

## Author: HeXie S3curity TeAm# Date: 2011.10.01# # FIle:/image. php/**####################################### ##* PHPCMS File Manager* Copyright (c) 2004-2006 phpcms.cn* Author: Longbill (www.longbill.cn)* Longbill.cn@gmail.com www.2cto.com*########

  Title: Nexusphp. v1.5 SQL injection Vulnerability Author: flyh4t www.2cto.com : Http://sourceforge.net/projects/nexusphp/ Affected Version: nexusphp. v1.5 Test Platform: linux + apache Nexusphp is BitTorrent private tracker scripts written in PHP  

Author: Lu renjia Brief description:Shopex has some logic design problems in the retrieval of passwords. As a result, it can predict new passwords and may be used to attack and obtain others' passwords.Detailed description:Related

  Title: Climeweb Blind SQL Injection Vulnerability Author: poach3r www.2cto.com : Http://www.climeweb.com/ Test Platform: Windows XP SP3   Test:   Http://www.bkjia.com/path/indux. php? Id = [SQL]   Http://www.bkjia.com/path/newsdetails.

I originally wanted to write a long document. Later I thought this was already very skillful by many cool people, so I just want to give a brief introduction to it. I remember that when I first came into contact with PHP security, I asked some

Xinnet digital's three important sub-stations can use shell, which involves important interfaces for domain name management and registration.Vulnerabilities are very low, so you can avoid them by paying attention to security. The FCKeditor

A long time ago I found that I have been researching and trying to release it. It is also good for the manufacturer to fix it early. When I first discovered it, I could only use it to play a box, and I could not even write a jump. Go directly to the