Cloud Security

PostgreSQL Information Leakage Vulnerability (CVE-2014-8161) Release date:Updated on: Affected Systems:PostgreSQL 9.4PostgreSQL 9.1PostgreSQL 8.4Description:Bugtraq id: 72538CVE (CAN) ID: CVE-2014-8161 PostgreSQL is an advanced object-relational

After the MySQL database is attacked and tampered with, it uses backup and binlog for data recovery.This article mainly describes how MySQL is attacked and tampered with data, and uses slave database backup and Binlog of the master database for

Server security protection measures Today, we will explain some specific measures for server security protection through multiple backups. Let's take a look at them carefully.   　　1. Start with the foundation and provide basic protection.   First,

Siemens Ruggedcom WIN product Remote Security Restriction Bypass Vulnerability (CVE-2015-1448) Release date:Updated on: Affected Systems:Siemens Ruggedcom WIN 72xxSiemens Ruggedcom WIN 70xxSiemens Ruggedcom WIN 52xxSiemens Ruggedcom WIN

Multiple security vulnerabilities in Google Chrome 40.0.2214.91 Release date:Updated on: Affected Systems:Google Chrome 40.0.2214.91Description:Bugtraq id: 72288CVE (CAN) ID: CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927,

Zend Framework Session Validators security measure Bypass Vulnerability Release date:Updated on: Affected Systems:Zend FrameworkDescription:Bugtraq id: 72270 Zend Framework (ZF) is an open-source PHP5 development Framework that can be used to

Black out student cards at Oklahoma State University0x00 basic magnetic stripe knowledge All content in this article is for study and research purposes only. If it is used for illegal purposes, you are solely responsible for any consequences! Note:

Crude CC attack-HTTP Flood HTTP Flood is an attack on Web Services in Layer 7 protocol.Hazard: Simple attack methods, difficult defense and filtering, and huge impact on hostsAttack method: HTTP Flood attacks do not need to control a large number of

Anti-Virus Defense Research: self-replication and self-DeletionI. PrefaceBased on Computer Security knowledge, the series of anti-virus attack and defense studies anti-virus Trojan technology by analyzing common techniques implemented by virus and

How to correctly test and maintain the firewall?Eric Cole, a technical expert in this article, describes how to solve the problem of low firewall performance and fault through proper maintenance and testing. Most enterprises think that firewall is a

Discovering the New World: The simplest way to crack SSL encrypted network data packets1. Introduction I believe that the peers who can access this article will basically use WireShark, a popular network packet capture tool, to capture corresponding

PHP automated code auditing technology0x00 As there is nothing to update in the blog, I will summarize what I have done. As a blog, I will mainly talk about some of the technologies used in the project. At present, there are many PHP automated

Web security engineer-growth record Environment: dvwa1.7 Database: mysql knowledge: SQL statement (Click me) before SQL injection, we are familiar with select statements. 1. Open our SQL Terminal2. After Entering mysql, we can see that we have

Baidu consortium code defects cause dom xss to exist for websites promoted by Baidu (in Tianya, 58 cities, and Ganji as an example) The http://cpro.baidustatic.com/cpro/ui/c.js file is called with the following code: Y && Y("union/common/logic", [],

Test 178 Intranet through a storage XSS Test the 178 Intranet attachment payload through a storage XSS Site: http://apt.178.com/The input is not filtered when an app or ringtone resource is added.As follows:  After the upload, it will be displayed

LBE arbitrary number interception vulnerability and Solution LBE exports the blacklist, whitelist, and keyword interception databases to third-party programs in the form of ContentProvider without verifying the caller. As a result, the interception

Prevention of CSRF for Web Security Cross Site Request Forgery (Cross-Site Request Forgery) is a type of network attack, the attack can send a request in the name of the victim to the attacked site without the victim's knowledge, so that the

Bypass youdao cloud note reading Password I am a fan of youdao cloud notes. I have nothing to test today. Note has a private Notebook function. You need to enter the reading password during reading, so we can keep important things confidential. When

Yeah.net email storage XSS can hijack others' accounts First, the problem lies in the attachment Preview (currently, the mailbox body is filtered almost ), attachment preview: If you preview files of the doc docx type, Microsoft's Online Preview

China Mobile Weibo storage XSS worm (with worm POC) 1. Forward Weibo2. Posting new Weibo posts3. Listen to me The problem lies in the long Weibo post of China Mobile Weibo.  You can insert 30 characters of code without filtering the title.  Page