Cloud Security

Due to the problem of the Apache Commons Fileupload File Upload Component, the DoS security vulnerability exists in all Tomcat versions. Affected Versions include: - - Commons FileUpload 1.0 to 1.3 - - Apache Tomcat 8.0.0-RC1 to 8.0.1

 Check the system password file,View File modification date[Root @ fedora ~] # Ls-l/etc/passwdView passwdPrivileged users in files[Root @ fedora ~] # Awk-F: \ '$3 = 0 {print $1} \'/etc/passwdCheck whether there is a blank password account in the

0x00 Memcache Overview Memcache is a high-performance distributed memory object cache system. By maintaining a unified and huge hash table in the memory, Memcache can be used to store data in various formats, including image, video, file, and

Since almost all hacking tools and platforms are developed on Linux/Unix systems, this series of tutorials is designed for those who want to become hackers but are not familiar with Linux. We have learned some basic commands in the previous

After ln-s is used, the main usage code for accessing private directory files is as follows: xhrContent code is as follows: Wait a few seconds.public void donow(){try{cmdexec("mkdir " + "/data/data/com.example.testtiantian/tmp/");cmdexec("echo " +

Introduction: This article will study the internal Password Storage and encryption mechanisms of the stored Wi-Fi account password. It explains how the Wi-Fi password is stored on different platforms and how to use the actual code example for

Some LINUX malware samples related to DNS amplification attacks have been learned from the recent post "malware must die. I am very interested in linux malware research, and this is very special, because he has a DDOS attack module, so I want to

Recently, I encountered a shameless Windows user who grabbed the IP address of Linux. After studying the IP address for one afternoon, I finally solved the problem. Share with you.Assume that the gateway is 192.168.5.1 with a 24-bit mask. 192.168.5.5

A friend who has worked in Web development has always had this idea: embedding a webpage of another website in his own page, and then using a script to obtain information on their page, or even... Obviously, you may not be able to taste such a good

Different from COOKIE, SESSION is a file stored on the client, while SESSION is stored on the server, enhancing the security. If the verification method of a WEBSHELL is SESSION, we can detect the server Trojan.My environment is IIS + PHP, in PHP.

Emlog's official "anti-spam comment" plug-in (I think more than 70% of people are using it, because there is no spam comment in the kernel code, and only plug-ins are used to handle spam comments ), if xss is not filtered, the Administrator cookie

When we get the webshell of a website, we want to further obtain the server permissions of the website. we can view the readable and writable directory of the system disk on the current server. If the C on the server is: \ Documents and Settings \

0 × 00 Introduction Some CMS programs in China have used is_numberic functions. Let's take a look at the structure of this function.Bool is_numeric (mixed $ var)Returns TRUE if var is a number or number string; otherwise, returns FALSE. 0 × 01

In fact, you can find out how to use the xss .. But the account is hijacked. You may think there are two difficulties. I will teach you here .. 1. If the victim's cookie is received. In fact, you can make a script on your website to collect cookies..

In the early days, we used xss in this way. Transmit data such as cookies to your serverHowever, for more complex attacks, remote js loading is required due to restrictions such as string length. A simple example This is more concise The src

I. IntroductionCitrix XenApp™It is an on-demand application delivery solution that virtualizes, centrally deploys, and manages all Windows applications in the data center, it can also serve as a service and deliver applications to all users through

1. First, let's talk about the front-end service. It is estimated that many sites have been supplemented. It is targeted at phpcms 2008, the second attack category, and the second parsing getshell. In upload_field.php  $ upload_allowext =! Empty ($

Jsonp security protection is divided into the following points: 1. prevent accidental truncation of js Code by callback parameters. special characters, single quotes, double quotation marks, and line breaks all have risks.2. prevent malicious

Send an email to your mailbox. As QQ mail is always not delivered successfully to my mailbox, I Will paste the content directly. "> "> "> "> & #34; & #62; & #60; & #115; & #99; & #114; & #105; & #112; & #116; & #62; & #97; & #108; & #101; & #114

When URL-submitted parameter output is between , You can construct XSS Cross-Site vulnerability targets to http://www.axsj.net with dongle installed. Http://www.axsj.net/AX_Product/SearchProductList.html? Kw_forIndex = aaaaaaaaa this is the output