Cloud Security

0x00Some time ago, a friend asked me a question about "no port is available. In the Intranet environment shown in, firewall only allows port 80 of the Web Server to establish a network connection, and port 80 on the Web Server has been occupied by

The SNMP protocol is often used for device management and monitoring in LAN Management, and the weakness of SNMP has become the key to our penetration. Only one community string is required to use the SNMP management device. The so-called password

Sniffing can be easily implemented in the Age of hub prevalence You don't need to do anything. The hub will automatically send others' packets to your machine. But that time has passed, and nowVswitchInstead of hubs, vswitches will no longer forward

There are three main types of network attacks by using ICMP Packets: Death Ping, ICMP DoS attacks, and redirection-based route spoofing. I. Death Ping 1.1 attack principle-limits the length of Ethernet packets, ultra-large packet networks adopt

Author: my5t3ry A few days ago, I saw fjhgx sending a Modoer injection vulnerability in the forum. I was bored and ran the code. Let's take a look at it. First, we can see line 76-94 of common. inc. php: preview the source code and print the

When I was an interviewer at SitePoint, I was certain to ask: What do you think are the advantages and disadvantages of PHP code? This problem gives me a general idea of the type of programmer the applicant is, rather than simply understanding his

Rule 1: Never trust external data or input The first thing that must be realized about Web Application Security is that external data should not be trusted. External data includes any data that is not directly input by programmers in PHP code.

Yesterday, the knife threw a problem in the group, saying that there was always an error when a sentence was inserted in the background. The friends in the group made a lot of ideas, but they still did not solve the problem. Later, this kid threw

A security meeting a few days ago published an ASP.. NET Security Risks (both in versions 1.0 and 4.0). Hackers can use this risk to obtain the website's web. the config File (usually stores some sensitive information, such as database connection

With the popularization of web, various web pages have become increasingly useful, which also gives hackers a chance. They found that CSS code used to make webpage special effects can also be used to mount Trojans. The irony is that CSS Trojans have

Exponent CMS v0.97 Multiple Vulnerabilities  Vendor: OIC Group Inc.Product web page: http://www.exponentcms.orgAffected version: 0.97 Summary: Open Source Content Management System (PHP + MySQL ). Desc: Exponent CMS suffers from multiple

1. Introduction1.1. Document Description:1.2. Document organization:2. Text2.1. SQL Injection2.1.1. Attack Mode:2.1.2. Defense methods:2.2. Script Injection2.2.1. Attack Mode2.2.2. Defense methods2.3. Cross-Site attack2.3.1. Attack Mode2.3.2.

Since I bought a hot pot package from a Group Buying Network recommended by my colleagues in March, I became fascinated. I have to browse it almost every day to see what is cheap and delicious. Of course, this is no exception during the New Year's

/*** Title: Discuz Small set of Xss vulnerabilities in series X* Author: sogili @ 0 xsec* From: 0xsec.org* Website: 0xsec.org & sogili.com**/ DiscuzMinor Product Version X SeriesXssVulnerability set. InvolvedDiscuz x1.0&X1.5Version.

Compared with 32-bit MD5.asp and 40-bit MD5.asp files, The 40-bit encryption can be used to find out the rule. We can also use the 48-bit encryption. First look at the 32-bit encryption: MD5 = LCase (WordToHex (a) & WordToHex (B) & WordToHex (c) &

Vps Security Settings 1. Disable default sharing.Method 1:Create a notebook and fill in the following code. Save as *. bat and add it to the startup projectNet share c $/delNet share d $/delNet share e $/delNet share f $/delNet share ipc $/delNet

Constructr is a content management system. Constructr has SQL injection and XSS vulnerabilities, which may cause sensitive information leakage.[+] Info:~~~~~~~~~Constructr CMS 3.03 Miltiple Remote Vulnerabilities (XSS/SQLi)Vendor: phaziz interface

  Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bug (s): Directory

========================================================== ========================================== # TextAds 2.08 Script Cross Site Scripting Vulnerability ========================================================== ================================

 OsCommerce is an open-source e-commerce program. The banner_manager.php in osCommerce 2.3.1 has a file upload vulnerability, which may cause attackers to directly obtain webshells. [+] Info:~~~~~~~~~OsCommerce 2.3.1 (banner_manager.php) Remote