Cloud Security

Measure the test taker's knowledge about DOS Vulnerabilities in the Android system.0x00 Preface There are some vulnerabilities in the Android system that can cause the system to restart. Of course, restarting the system is only a phenomenon. Some

Linux single-user password cracking Ubunt1. When the system is started to grub, use the up/down key to move to the recovery mode of the second line, and press e (note not to press Enter)That is, Ubutn, kernel 2.6.12-9-386 (recovery mode)2. Change ro

Apache Web Server Security Configuration small TIPS Apache is one of the most widely used open-source WEB servers. It is widely used because of its excellent stability and rich functional modules, almost all Linux distributions have Apache services

Wargama-leviathan WriteupLevel 0 This is a simple introduction to the game. Of course, there is also a clear account and password. Open the web page and you will see it again.Level 0-> 1 Use the account and password obtained from the previous

Baidu statistics js hijacked for DDOS Github0x00 background At noon today, the largest Information Security practitioner zone.wooyun.org of the same-sex dating community in China, suddenly the browser m keeps popping up every few seconds: My first

How to use Linux bots to penetrate a small Intranet The shell method in the case is relatively simple. We only focus on the limited space, starting from obtaining permissions.Install BackdoorAfter entering the system, my RP was so lucky that it

O & M shell commands 1. display the 10 processes that consume the most memory/CPU Ps aux | sort-nk + 4 | tail-10Ps aux | sort-nk + 3 | tail-10 2. view the number of concurrent Apache requests and their TCP connection status netstat -n | awk

How to decrypt the Flash Vulnerability in the Nuclear Vulnerability exploitation Kit In recent years, the Exploit Kit (EK) has gathered a variety of vulnerability exploitation tools to perform automated analysis and vulnerability exploitation tests

Decrypt 10 million passwords: view human nature through passwords (1) We already know a lot about the password. For example, most passwords are short, simple, and easy to crack. However, we know little about the psychological reasons for a person

China Mobile Wallet Business getshell (involving multiple sub-sites in multiple databases, can replace APK)   Struts2 VulnerabilityHttp://wxhd.shwxcs.cn/PhotoflyingCity/AppActivityNfc/index.action? Urlcategory = 1 & appid = ap300000000000000034 &

A full-version stored XSS plug-in WordPress can be used in the background to affect more than 30 thousand websites Today, I entered my blog background as usual. I opened the SEO Redirection plug-in setting interface to check the redirect status of

Phpyun v3.2 (20141226) Injection The first newly discovered item is In model/redeem. class. php Function dh_action () {$ this-> public_action (); if (! $ This-> uid &&! $ This-> username) {$ this-> obj-> ACT_layer_msg ("You have not logged on yet.

An SQL blind injection vulnerability exists in a substation of Tianji. SQL blind injection (with verification script) The Tipask Q & A system has 12 injection packages:

Mining XSS vulnerabilities in HTML5 mobile apps Now it is increasingly popular to develop mobile apps using HTML5. HTML5 is not only highly efficient in development, but also cross-platform and highly reusable in code. Zoho (the world's largest

Fanwe shopping shares the latest foreground Code Vulnerability One step and two steps are similar to the Devil's pace Defect file:/Core/function/global. func. phpAs follows:  /*** Display page ** @ param string $ cache_file cache path * @ param bool

Cross-origin Scripting Vulnerability (poc) in the browser provided by Huawei mobile phone)       Solution: Restrict script execution on builtins objects

12 injection packages in the Tipask Q & A SystemWhen taking part in a public test, the manufacturer used this system and downloaded it and looked at it and found a lot of injection. Because the backend SQL statements of the program do not enclose

ADO. NET Quick Start-SQL injection attacksRelated Knowledge: You can construct an SQL command string through String concatenation. However, the concatenation of SQL command strings is an important cause of "SQL injection attacks. Consider the

WordPress plugin Google Analytics by Yoast stored XSS Vulnerability The storage XSS vulnerability is exposed in the famous WordPress plug-in Google Analytics by Yoast, which allows unauthorized attackers to store any HTML code, including JavaScript,

Douban mobile csrf replies to any post Csrf can be used for spam comments -- POST/group/topic/72292507/comments HTTP/1.1 Host: m. douban. comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv: 35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,