Cloud Security

Code auditing Overview 0x00 Introduction I have read all the PHP code auditing books written by seay. as a little bit of code auditing, I hope to provide my gains to some people who are just like me, as well as an overall framework and common

Penetration testing practices In fact, I personally feel that a complete penetration (from the perspective of hackers to think about problems) should be to do everything possible to obtain the highest permissions of the target system or server,

Which methods can bypass PowerShell Execution Policy? By default, PowerShell prohibits PowerShell scripts from being executed in Windows. This will impede penetration testers, system administrators, and developers ...... Here, I will bypass

SQL injection vulnerability in a substation of Shentong express SQL injection vulnerability in a site of Shentong express GET/Dot. asp? Area =-1 'OR 1 = 1 * -- HTTP/1.1X-Requested-With: XMLHttpRequestReferer: http://www.gdsto.com.cn/Cookie:

Getshell can be used for weak passwords in a substation of Huaxia mingwang (strong and weak passwords and patches are required) Huaxia mingwang's weak password for a substation can be getshell (case study of cloud lock waf) Directly go to the

3 SQL vulnerability packages in a substation of letao Network (11 databases/may affect more than 800 million users) RT Sites: http://guanli.letao.com/   Injection 1,  Http://guanli.letao.com/wap/shoe.aspx? Add = & iid = 123 & pid = 967243173

Simple Analysis and debugging of CVE-2015-7547 Overflow Vulnerability 0x00 vulnerability information Recently, glibc has a stack overflow vulnerability. For details about the vulnerability, refer to the following link. CVE-2015-7547: glibc

A simple test of Lanzhou public transit GPRS monitoring and Scheduling System How can I play with the Lanzhou public transit GPRS monitoring and scheduling system?Can I request the last homepage? How can I play with Lanzhou public transit GPRS

Weak Tianji net password causes Arbitrary File Reading Vulnerability Gift Packs Rt Http: // 219.239.88.138/phpmyadmin  Weak Password root/root  Database Leakage  And phpinfo.  Http: //

A substation of founder broadband has a vulnerability. You can use Getshell. A sub-station of founder broadband Http://traffic.founderbn.com/  Cacti installed the weathermap plug-in to write arbitrary files./Plugins/weathermap/editor. php? Plug = 0

Floating HOME hotel chain stores Multiple SQL injections on a station (DBA permission/nearly orders) Floating HOME hotel chain  Http://www.piaohomeinn.com injection point: Http://www.piaohomeinn.com/hotelList? Shard id = 43  

Yahoo Mail XSS vulnerability details Analysis   This month, Yahoo Mail reported an XSS vulnerability that allows code to be embedded into special-format emails. XSS is automatically triggered when you preview an email. XSS vulnerability affecting

Getshell caused by unauthorized access to redis on a website of Phoenix Learn from Pig Http: // 61.155.16 7.220: 843/  61.155.167.220 although redis port 221 is changed, it is still not authorized to access  Http: // 61.155.167.220/test. php

Shopex Open Platform SQL injection and Getshell SQL Injection. BBScan scanned a git information leak: http://open.shopex.cn/.git/ Use the rip-git.pl to download the source code.Source code audit finds an SQL injection:Open.shopex.cn \ core \

Injection of tens of thousands of users (name, password, transaction password, region, mobile phone number, etc) I heard my boss sent an iPhone 6 plus?Injection of another store database to the main site Injection:  python sqlmap/sqlmap.py -u "https:

GETSHELL (involving payment interfaces), a financial platform of Anbang Insurance) An insurance server: http: // 123.127.251.8: 7001/console/login/LoginForm. jspFrom the project deployed in it, it should be stored and paid interface.Previously,

178 SQL Injection for an interface of the game (involving 13 databases) 178 SQL Injection on a site (involving 13 databases) URL: http:// I .178.com /? _ Action = getgamedata & _ app = game & _ controller = gamedata & id = 1Parameter idHttp:// I .178

An SQL injection vulnerability exists in a station in the truck House (DBA permission + 0.4 million user data) An SQL injection vulnerability exists in a station in the truck house Injection

Identifies and attacks meterpreter's http or https handler This article will show how to identify the https or http handler of meterpreter, and how to launch DoS attacks (by setting fake sessions between attackers and listeners ).Summary: 1. Request

Technical Secrets: How do I analyze whether a Chinese kitchen knife contains a backdoor? 0 × 00 Preface There is an old saying in our country that "We often walk by the river and there are no wet shoes". Many tools circulating on the Internet