Cloud Security

Google fixed the zero-day Kernel Vulnerability, indicating the problem was not that serious. A privilege escalation vulnerability was detected in the Linux Kernel a few days ago, affecting a large number of Android devices. Due to the

Introduction to shellcode development on Windows (1) This article briefly introduces shellcode development technology and its features. Understanding these concepts can help us write our own shellcode. Further, you can modify existing

Technical Analysis of Java deserialization Vulnerability1. Background of Java deserialization Vulnerability In short, serialization refers to the process of converting the object state to a format that can be kept or transmitted (bytestream ). In

Advantech EKI-132x Authentication Bypass Vulnerability (CVE-2015-7938)Advantech EKI-132x Authentication Bypass Vulnerability (CVE-2015-7938) Release date:Updated on:Affected Systems: Advantech EKI-132x Description: CVE (CAN) ID:

Tryton-server Access Vulnerability (CVE-2015-0861)Tryton-server Access Vulnerability (CVE-2015-0861) Release date:Updated on:Affected Systems: Tryton Description: CVE (CAN) ID: CVE-2015-0861Tryton is a general application framework, licensed

Libc heap management mechanism and vulnerability Exploitation Technology (I) Some time ago, I was bored to participate in a competition named RCTF. As a result, I was topped by the stakeholders and did not enter the finals. Although I didn't take

Principle of HTTP escape: using HTTP 0.9 for bypass   This is the first article in the HTTP escape series. Most firewalls only block packets that are incorrectly identified by rules. Therefore, data packets that cannot be understood by the firewall

Start with: What about malicious code!Hacker malicious code   Any software or code that causes damage to users, computers, or networks in some way can be considered malicious code.  Category  Infected Virus Worm Trojan hacker tool HackTool Spyware

Installation Package GHOST: in-depth analysis of the stealth means of rogue promoters and Trojans I. Sample InformationVirus Type: Rogue promotion TrojanFile Name: setup_15.11.5.3.exeMD5: 691e97d3f69fda172cf4c78d5c202069File Size: 5,914,624

Tianhong mall app SQL injection (including 380 million + mall user data and 330 million + VIP user data) SQL Injection for APP security Objectives: Tianhong mall red scarf APPCheck that SQL Injection exists in the following places: (injection

Master site SQL injection of the red/Black alliance and bypassing Baidu cloud Acceleration Master site SQL injection of the red/Black alliance and bypassing Baidu cloud Acceleration When I went to the Consortium for study, I started to search for 1

Tencent Excel has the SQL injection vulnerability on a website Tencent Excel has the SQL injection vulnerability on a website POST/index. php/Home/Index/HTTP/1.1Content-Length: 179Content-Type: application/x-www-form-urlencodedX-Requested-With:

An SQL injection tool (dba permission) for a system of China Eastern Airlines) This should be a homepage ....Leaked a large amount of information about the company's employees ..... Http://bus.satrip.com/login/login.aspx_ VIEWSTATE = % blank %

Analysis of phishing attacks against well-known password storage software LastPass Recently, the author discovered a phishing attack against LastPass, which allows attackers to steal a verification code for a user's email address, password, or even

Alibao API exposes sensitive information of all investors (mobile phone number and investment amount) Financial Product Investment records leak investors' mobile phone numbers GET the investment record url for the web app:

A vulnerability exists in a core system of Yanzhao property insurance. The getshell Intranet affects hundreds of thousands of messages. Yan Zhao property insurance was approved by the China Insurance Regulatory Commission in December 3, 2013 with a

96wan game platform storage vulnerability # Involving 0.3 million users (ID card # name # email, etc) Injection address  # SQL Injection URL: http://www.96wan.com/websiteapi/website_serverlist? Gid = 6 parameter gid controllable  Six databases

DVWA series 13 Brute Force code analysis and defense I have analyzed the low-level Brute Force code before. Next I will analyze the medium and high-level Code respectively.Medium-level code:Obviously, we can see the difference between medium and low.

Shanghai Greenland Shenhua Football Club official website has SQL injection (DBA permission) Rt. Shanghai Greenland Shenhua Football Club official website:Http ://**.**.**.**The vulnerability exists in:Http: // **. **/news. php? Category = 41Http: //

Equick International Express www main site injection (leakage of Express Information) RTLeakage: name, Waybill time, address, phone number, cargo and other express information Main Site:  http://**.**.**.**/index.aspx Vulnerability address:  Http ://