Cloud Security

This shell seems like a fierce shell!This shell successfully used the flower command generation engine, and the younger brother finally failed to analyze the OEP. I will show you the learning records.I have analyzed the Protection Technology:

When I went around today, I accidentally found a crackme, so I tried it.Install the sample first.  The figure shows the registration method of the user name and serial number.Then we will decompile the apk to see the code.In the code, run the

[Author's statement]: I am only interested and have no other purpose. For errors, please enlighten us![Debugging environment]: WinXP, Ollydbg1.10C, WinHex, LordPE, UPXAngela, ImportREC---------------------------------[Shelling Process ]:In fact,

I finally got the magazine "", which contains a "SQL formatting tool". It actually took 50 RMB to register. Although it can be used for trial, I still felt very uncomfortable, so I continued my style, piracy is supported.Check the shell first, and

[Cracking tool] PEiD, OllyDbg [Difficulty of cracking] ++ beginner ++ [Cracking platform] WinXP SP2 Bytes ----------------------------------------------------------------------------------------------[Introduction] 1. You can enter the website2. You

With this vulnerability, third-party applications registered on the Netease open platform can skip the page asking users if they are authorized, and directly obtain users' authorized access to user sensitive information.The normal oauth

1) register a user and test to find that "" are filtered out, so they are looking for other Breakthrough points. 2) The whole website seems to have only uploaded their own profile pictures. 2.1) select an image and upload it. 2.2) the packet capture

Discuz! X2.5 a Flash application has a vulnerability that may cause cross-site scripting attacks. The last time we talked about flash. external. externalInterface. call ($ methodName, $ parameter) in the browser is executed by try {_ flash _ toXML ($

My amazing discovery today,Current webkit-Based Kernel(Chrome, Safari, etc.), you can set domain to the last level (content after the last point) through document. domain ). Example: Www. qgy18.ComYou can set domain to "com" instead of "cn" or

Success Qool CMS v2.0 RC2 XSRF Add Root Exploit Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities '/> '/> '/> '/> '/> '/> '/> '/>

Original: http://www.anying.org/thread-36-1-1.html reprint must indicate the original addressRecently, I have seen many people talking about XSS on the Internet. I used the shadow platform to express my understanding of this part.In fact, many

Hello list! Earlier I 've wrote about Content Spoofing and Cross-Site ScriptingVulnerabilities in SWFUpload (http://securityvulns.ru/docs29181.html). ThisIs very popular flash-file, which is used at tens millions of web sites andIn hundreds of web

Phpwind9.0 was released after a long delay. It looks like NB, but who knows it? All kinds of bugs are everywhere, all kinds of errors... this is an example. The killer type ..., the official website does not fix the problem. I am using a new version

Arbitrary User Password Modification Vulnerability in the temple library network where the password is retrievedAs long as you know the user name, the verification code is a 6-digit pure number, which can be cracked, and the verification codes sent

The problem lies in the "Happy rent" under the Home Network. The two websites should share the database, but happy rent has a set of independent registration, login, and password reset logic! 1) when I came to the happy rent password reset function,

Currently, the talent website system used in China has the blind injection vulnerability... Vulnerability page: Educate/Book_Info.asp .. Query management account: + aNd + 0 = (selEct + toP + 1 + su_SupperName + frOm + pH_Web_Supper) query management

The submitted parameter is not determined, so any file can be written to the server... wap/Plus/PhotoVote. asp 14-23 Dim KS: Set KS = New PublicClsDim ID: ID = Replace (KS. S ("ID"), "", "") Dim ChannelID: ChannelID = KS. G ("ChannelID") If

The idea is to match the script file and the configuration file hash to find out the script or configuration file whose hash is changed. The script has three parameters: 1.-save reads the web directory and configuration file, calculate the hash

Some time ago I went to listen to the internal 4399 mobile game boss and talked about some php security knowledge, some of which I have never heard of, some of which I have heard of, and I think it is better, the principle of SQL injection is very

After the bigbull dug out the comment plug-in's comment box and executed the Cross-Site Script, the light heron filtered out the comment box, if "1. log On again. Do not select social login. You must enter the homepage field (cross-site access