[CVE-2015-2080] Jetty web server Remote shared buffer Leakage

[CVE-2015-2080] Jetty web server Remote shared buffer Leakage 0x00 Introduction A very ugly security company named GDS recently discovered a Jetty web server security vulnerability that allows attackers to remotely read previous request information

Samba File Sharing Service Remote Command Execution Vulnerability (CVE-2015-0240)

Samba File Sharing Service Remote Command Execution Vulnerability (CVE-2015-0240) The violent CVE-2015-0240 security vulnerability occurs in the smbd daemon, which can be exploited by malicious Samba clients. Attackers send a specially crafted

Cross-Domain command execution (QQ, WeChat, browser, email, etc.) is caused by XSS stored in the whole system of iOS

Cross-Domain command execution (QQ, browser, email, etc.) is caused by XSS stored in the whole system of iOS The last edit was tested and found that the iOS version existed a long time ago. It may have been in existence for many years. It can

How to prevent brute force attacks

How to prevent brute force attacks It is very simple to prevent brute-force cracking. Whether it is a B/S architecture or a C/S architecture, the following points are summarized below. 1. Complexity of passwords There is no doubt that the password

Shell scripts for safely deleting and restoring files in CentOS

Shell scripts for safely deleting and restoring files in CentOS Currently, most of the Linux file systems are in Ext3 format. Once a file is deleted, it may not be restored, even if it can be recovered. Therefore, executing the rm command becomes

How to check whether the Mac system is infected with the iWorm virus?

How to check whether the Mac system is infected with the iWorm virus? Recently, a Mac system virus called "iWorm" spread freely. It can execute commands on Mac computers and steal user data. According to statistics, 18.5 thousand Mac computers

Getshell can access the Intranet to obtain domain control and solutions from yifen.

Getshell can access the Intranet to obtain domain control and solutions from yifen. Http: // 112.65.254.20.: 8080/jmx-console/ This is another server. And the last It is not completely fixed. As a result, getshell can be performed again. JBOOS

How to Prevent SQL Injection in Python

How to Prevent SQL Injection in Python The Code is as follows: c=db.cursor() max_price=5 c.execute("""SELECT spam, eggs, sausage FROM breakfast WHERE price Note that the separator between the preceding SQL string and the subsequent tuple is

Summary of use of character Security filtering functions in PHP

Summary of use of character Security filtering functions in PHP In the WEB development process, we often need to obtain user input data from all over the world. However, we "Never trust the data input by those users ". Therefore, various Web

Research on the New Arbitrary File Read Vulnerability

Research on the New Arbitrary File Read Vulnerability 0x00 Preface Boooom has discovered many Arbitrary File Read vulnerabilities on wooyun, which are like Http: // target/.../etc [wooyun]/passwd In this way. At that time, I felt very novel, because

Read.html5.qq.com

Read.html5.qq.com Http://read.html5.qq.com/image? ImageUrl = http: // XXX is a service that compresses third-party images for mobile users and uses HAProxy for load balancing. In actual tests, it is found that the page content can be contaminated

MYSQL injection from a station in Zhongguancun online (ASCII code bypasses waf skills)

MYSQL injection from a station in Zhongguancun online (ASCII code bypasses waf skills) Website: active.zol.com.cn Parameter blind Injection Filtering is available, but it can be bypass.  GET/09 active/vote/index. php? Id = 4353% 20and % 20if

CVE-2015-2080 Analysis

CVE-2015-2080 Analysis Jetty is a widely used java container. When developing java Web applications, jetty is used as an embedded container, which is very convenient for debugging. Many large Internet companies use it to replace tomcat. As far as I

Methods to break through the jsp website after encountering a firewall

Methods to break through the jsp website after encountering a firewall There is a website with an upload point and any suffix. Then I rushed to upload a common jsp without a password. However, when I visited the address, I found that the browser

51 auto network password Modification Vulnerability for any user

51 auto network password Modification Vulnerability for any user 51 cars can be scanned in batches on the registration page The following is a scanned number, which is only used for testing.  Retrieve the password on your mobile phone 

UWA 2.X v2.1.5 multiple storage xss

UWA 2.X v2.1.5 multiple storage xss First Submit an article. The author does not filter double quotation marks.  Onfocusin = alert (0) autofocus x ="Triggered during Administrator review  Second place. Capture packets and modify article

The chance of a virtual machine breaking through the physical machine is the dawn of mysql injection failure!

The chance of a virtual machine breaking through the physical machine is the dawn of mysql injection failure! The reason is that I tried to enter a second-level website of my high school alma mater. The last thing came to my head. I felt lucky and

YYjiacms v3.0 SQL injection. (Official Website demo, you can directly change the management password)

YYjiacms v3.0 SQL injection. (Official Website demo, you can directly change the management password) The source code zend is encrypted .. So. Black Box test -. -Let's talk about how to use it.  The demo of the enhanced pc version on the

Gray-box web Security Detection Technology

Gray-box web Security Detection Technology In traditional application testing methods, gray-box testing is between white-box testing and black-box testing. Gray-box web Security Detection still follows the concept of gray-box testing, but only

Analysis of malicious IP. Board CMS redirection

Analysis of malicious IP. Board CMS redirection IP. Board CMS is a famous CMS system that allows users to easily create and manage online communities. Sucuri researchers recently discovered a redirection for IP. Board. After analysis, the
