Cloud Security

Try to analyze the computing Verification Code 0x00 Preface The original intention of the verification code is human-machine recognition. However, most of the time is only used to increase the time cost and reduce the frequency. If it is only for

Corega CG-WLBARGS Privilege Escalation Vulnerability (CVE-2015-7792)Corega CG-WLBARGS Privilege Escalation Vulnerability (CVE-2015-7792) Release date:Updated on:Affected Systems: Corega CG-WLNCM4G Description: CVE (CAN) ID: CVE-2015-7792Corega

Lobotomy: Android Reverse Engineering Framework (Part1) If you have followed the previous articles on Android security, you should be familiar with rotlogix. He is keen on the mobile security business and plays a binary role. This series of

Google Chrome MIDI Subsystem Application Crash Vulnerabilities (CVE-2015-6792)Google Chrome MIDI Subsystem Application Crash Vulnerabilities (CVE-2015-6792) Release date:Updated on:Affected Systems: Google Chrome Description: CVE (CAN) ID: CVE-2015

Seven methods for hackers to use Wi-Fi to attack youSeven Ways for hackers to use Wi-Fi to infringe your privacy Wi-Fi-Ah, you are so convenient, but so dangerous! Here, we will introduce seven methods and countermeasures to "generously donate" your

JAVA serialization, deserialization, and vulnerability remediation Last week, cyber security staff suffered a further setback in front of the black market. Joomla exposed high-risk 0-day vulnerabilities, which can be triggered without user login.

Analysis of the pseudo "Student transcript" Agent Trojan Review: When the graduation season is approaching, student transcript has always been the focus of parents' attention. Alibaba mobile security lab has previously discovered a malicious App

The wonderful site of ASP + MySQL won shell Wonderful site of ASP + MySQLBored, casually google a site, click the link, asp, id followed by a ', immediately reported an error. However, the error message is still very bright. The mysql error message

Espcms latest V6.4.15.08.25 arbitrary User Logon Vulnerability Appears at User Logon/interface/memebermain. phpFunction in_center (){If ($ this-> CON ['mem _ isucenter ']) {Include_once admin_ROOT. 'public/uc_client/client. php ';}Parent:

Discussion on PHP-based Automatic Webshell Detection For network maintenance personnel, I am afraid the biggest headache is that the website is hacked, and a backdoor is left, and even the server is Elevation of Privilege. Hacker usually leaves a

Tang Dynasty scanner parallel excessive access to view sub-domain name \ ip Meow Simple and rude, parallel excessive permissions. After logging in, you can directly view other task IDS by modifying taskids (other enterprise users)I also called the

A giant network design defect cracking Weak Password It's not easy. Ask for a homepage and a high rank. We all know dudu.Dudu.ztgame.comThey are all broadcasters. In theory, they all have backend management. Find them.Google

Attackers can bypass logon authentication if a system is improperly configured. Chicken ribsHttp://photos.xywy.com Login page requires authentication before entering   However, a directory was found during the test. index.php? We will bring this

China Water Association equipment Commission's website SQL Injection China Water Association equipment network-China Water Industry Authority-China Water Association equipment Commission's website, SQL injection to login website management

A post-type SQL injection vulnerability exists in a website of alimama. POST/Loupan-Search? A = index & g = Loupan & m = Search HTTP/1.1Content-Length: 176Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http:/

Cool music MySQL blind injection (bypass filtering) Where Parameter: sid (GET) Type: AND/OR time-based blind Title: MySQL It seems that the BENCHMARK function is no longer usable, but the test finds thatTrue

Alimama traveled to a website where tamper bypasses SQL Injection Another website found an injection during packet capture !~~~ Injection address:Http://m.lvmama.com/activity/index.php? S = L1509/shiyiCityDataInfo & v = 0.708363635931164 & callback =

An important website of Anhua insurance has the JAVA deserialization Vulnerability (which can penetrate multiple systems in depth) Anhua insurance http: // 221.8.57.106: 7006/http: // 221.8.57.106: 7009/weblogic deserialization vulnerability rebound

Man-in-the-middle attack & defense methods One very interesting thing about network security is that, as technology changes, the old network attack methods will be used again. Just like MiTM ). The objective of this attack is to put an attacker in

58. Multiple groups of mailbox passwords in the market group were leaked I was too busy recently and didn't have time to submit the vulnerability. But I suddenly found that wb was not enough to enter the zone. I was very depressed. The previous