Title: razorCMS 1.2 Path Traversal. Author: chap0: Http://www.razorcms.co.uk/archive/core/ Affected Versions: 1.2. Test Platform: Ubuntu. Patch: Upgrade to latest release 1.2.1. RazorCMS is vulnerable to Path Traversal, when logged in. A least privileged
Brief description: The Discuz 4.0 profile picture can be configured with a post xss script. It may be an old vulnerability. I found it on an intranet forum. I don't know if it hasn't been upgraded ... Description: In the Discuz 4.0 profile picture
Sae supports a large number of streams, but only one http protocol is actually encapsulated. The purpose of encapsulation is to control user requests, for example, you can restrict the target address of access and control the number of requests in a
Brief description: The cause is caused by the log Editor, which is not strictly filtered. Clickjacking is mainly used to hijack clicks. PS: I wonder if it can be set as a clickjacking vulnerability. Detailed Description: insert code into the log
Program: http://wapvy.cn/FILE/DOWNLOAD/2011/07/09/2011070902255801.rar First injection: http://www.bkjia.com/bbs/bbsvice.asp?Action=view&id=[SQL] Filtering; chicken ribs The second serial number is used to kill the wap mobile phone network
Cross-Site-Scripting is also called a Cross-Site Scripting attack, which is usually abbreviated as XSS. Or here to add knowledge: http://en.wikipedia.org/wiki/Cross-site_scripting Due to work needs, we have recently studied some common attack methods
Title: [Iranian] Saman portal LFI. Author: TMT. Email: taktaz_m2800 [a. t] yahoo.com. Type: PHP. Address: http://www.sis-eg.com Overview: The defects are found in
The nickname of the Sina Blog avatar does not filter the submitted data. attackers can submit malicious code. At the same time, security settings such as verification codes are not found in nickname modification, which may cause a CSRF Vulnerability
HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel targeted at security. It is simply a Secure version of HTTP. That is, the SSL layer is added under HTTP. The Security Foundation of HTTPS is SSL, so the
Brief description: the backend management of a sub-station in Soufun can bypass verification. Http://dg.soufun.com/market/zhongjie/admin/ 1. SQL injection in the logon box. You can construct a query statement to bypass verification, for example, 'or ''
I heard from my friends that there are many vulnerabilities in the simplog, so let's take a look at how insecure his program is. Because of time issues, I will analyze them from the code. I will not write this part for testing !!! It's about to get
Www.2cto.com: the new version of dz requires a security code. I'm afraid this is hard to get. Which versions have vulnerabilities? You can test the vulnerability by yourself. If you can install the plug-in, you can get the shell. It has been in your
First look at the file sms.php. Can see not to filter. Using the method as follows: 1. http://demo.easethink.com/sms.php?Act=subscribe first get the verification code! Stitch it to verify 2.
Order submission on the official website always fails, so you can only test the vulnerability code in Line 73 of module\index\order.php.
$_P_info['order_productmoney'] = $money['order_productmoney']; $_p_info['order_wlmoney'] = $
There is a problem with the system background Permission Logic verification, resulting in a backend module function being bypassed and unauthorized access. The background administrator permission is verified in the file \public\class_connector.php:
1, first register a user test, normal login time point forgot password, select mailbox retrieve password get Reset Password connection http://www.kugou.com/newuc/user/resetpwd/code=EE0544XXXXX4CEBB2E41E56C8E0A6413E43FA3FC19B9E0109DC39CD44C76906392264
"Security is a whole. to ensure security, it is not how powerful it is, but where it is actually weak." -- Jianxin
From the perspective of many cases of penetration into the intranet of large enterprises, most intruders find vulnerabilities on the