Cloud Security

Analysis of attacker intrusion paths traced by Webshell Not long ago, we received an emergency response task in which a group's website was planted with a backdoor. Our job was to find the attacker's intrusion path and analyze the security problems

Comprehensive Protection of systems, files and programs In the Internet era, computer information security is crucial. System modification, program modification, and file deletion are all things we don't want to encounter. With the help of the

Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784)Apache OpenMeetings ZIP file path traversal vulnerability (CVE-2016-0784) Release date:Updated on:Affected Systems: Apache Group OpenMeetings 1.9.x - 3.1.0 Unaffected

Possible problems and solutions after iOS 9.3 is updated on iPhone The apple press conference was about a week ago. Have you updated iOS? If you haven't updated it, don't rush to remove the red dot on the "Settings" application. Because your old

Analysis of some recent changes to malicious office macro attachments In the past, the office macro series of malware did not rely on office. adobe vulnerabilities were popular, perhaps because the vulnerability mining costs were rising. Today's

Use ten lines of code to bypass anti-virus software for kill-free Process Analysis I originally intended to write a lengthy blog about bypass technologies for different anti-virus software, but when I started writing the first chapter of the

Simply bypassing Chome password to view the logic and how to view the Saved Password in the browser View logic:When you want to view the password saved in Chrome, click it to display a dialog box asking you to enter the Windows Password to verify

The popcorn main site has SQL injection to be filtered (POST involves more than 2400 tables in the master database of 30 databases) Popcorn master site SQL injection (POST involves more than 2400 tables in the master database with 30 database Cases)

Discussion on the Content of random numbers after Penetration ConceptRandom Number is the result of a special random test.Before The PassageThe Penetration Process has no bright spots. No great skill, just for fun.BeginThe target website is aspx and

View my direct connection to the master site www database (github leaks 28 databases/2 million user data with a password) RT Security #1 github leakage: https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c25

Analysis on arbitrary JS code execution beyond the XSS character limit I. Summary Some XSS vulnerabilities cannot be effectively exploited due to a limited number of characters. Only one dialog box can be displayed for YY. This article mainly

M1905 zabbix injection exists in a website of movie network, leading to background Command Execution Http: // 118.145.26.196/zabbix/index. phpThe zabbix version is too low. I remember there was a front-end injection hole in the past, so I typed it

Vulnerabilities in Git versions earlier than v2.7.1 allow attackers to execute code remotely. It is understood that security researchers found a security vulnerability in all versions of Git before version 2.7.1, which exists on both the server side

Can I use a train ticket to restore my ID card number? Today, we will show you how to use a train ticket to restore the complete ID card number. As we all know, a train ticket can have an incomplete name and ID card number. The four digits in the ID

Some accounts are leaked due to database hit attacks on a proxy server in 37wan (the proxy server leaks the Account resources used for database hit) The attacker's proxy settings are incorrect, causing a large number of requests to be sent to the

The Youku shared iframe player page has the dom xss vulnerability to obtain user cookies (vulnerability analysis process included) Xss vulnerability exists on the Youku shared iframe player page. You can exploit this vulnerability to obtain user

SQL Injection exists in the official medical inquiry APP (including 116 million + User Data) SQL Injection for APP security Objective: to query the Doctor's Android APPSQL Injection exists in the following areas:  Http://api.m.xywy.com/api? M =

Analysis of Microsoft WebDAV Elevation of Privilege Vulnerability (cve-2016-0051) 1. About cve-2016-0051The official description of Microsoft is as follows:If the Microsoft Web Distributed creation and Version Management (WebDAV) Client

Rowhammer attack technology can be used to attack some DDR4 Memory Modules Recently, security researchers have demonstrated a new Rowhammer attack that can be used to attack some DDR4 memory modules.Rowhammer attacks have a wide impactRowhammer

Symantec released its February 2016 threat intelligence report   According to the latest report in February 2016, one of every 125 emails contains malware. Based on data from the Global Intelligence Network (GIN), one of the world's largest threat