Cloud Security

(Akira total) write an iptables rule3est: I thought it was good. I just reprinted it./* It is also a simple anti-CC attack. #! /Bin/shIPTABLES = "/sbin/iptables"Echo "1">/proc/sys/net/ipv4/ip_forward$ IPTABLES-P INPUT DROP$ IPTABLES-P FORWARD DROP$

There are many software programs on mail viruses in the world, most of which are perl. The reason why I chose amavis and clamav is that these are all c-writing, and they have an advantage in performance first. At the same time, amavis has good

Since the beginning of the ghost virus, the virus using MBR techniques has become increasingly popular. To analyze such viruses, it is inevitable that basic knowledge such as MBR and disk boot will be used. Therefore, I used the rest time to sort

What is distorted encryption transformation? This is a software I developed. The official term may be "mixed encryption". I name my software "distorted encryption transformation technology. I spent more than a year developing this software on and

Delphi/C ++ Builder uses the drag-and-drop control to design the interface and associate it with the event. The information is stored in executable files as resources (RCDATA. DeDe uses this principle for decompilation, obtains relevant information,

1. From SOP to CORS SOP is the Same Origin Policy Same-Origin Policy. It refers to the document or script of one domain and cannot obtain or modify the document attributes of another domain. That is to say, Ajax cannot be accessed across domains.

Used to kill 0-dayThe Code is as follows:/Api/datacall. php? Type = user & limit = 1 & order = 1 and (select 1 from (select count (*), concat (select concat (0 × 27, 0x7e, pd_users.username, 0 × 27, 0x7e, pd_users.password, 0 × 27, 0x7e) from

Many people in the ss do not pay attention to it. They always think it is a chicken fault. How many people actually know xss? Xss is divided into storage and reflectiveThe so-called reflected type often appears in the url search

1.1.1 Summary   Recently, network security has become a focus. In addition to domestic plaintext password security events, there is also a major impact-Hash Collision DoS (Denial-of-service attacks through Hash collisions ), some malicious people

When an XSS occurs in a blind input box, when an XSS session expires, or when the session expires, the cookie statement is incorrect. Go to the background and reset any user password. How many images of the website will all be suspended? How many

See the public_get_suggest_keyword function:/Phpcms/modules/search/index. php[Php]Public function public_get_suggest_keyword (){$ Url = $ _ GET ['url']. '& q ='. $ _ GET ['q'];$ Res = @ file_get_contents ($ url );If (CHARSET! = 'Gbk '){$ Res = iconv

HTML5 Security Risk Analysis 3: WebSQL attacksHTML5 Security Risk Analysis II: Web Storage attacksHTML5 security risk details: CORS attacks1. Introduction to WebWorker Because Javascript is executed in a single thread, the browser cannot execute

As required by JJ, write an analysis source code process:Attackers can bypass the faisunzip compression program to package the entire site program.When I scanned the website today, I found a compressed file program: zip. php.Why can't I enter the

Background verification is not strict, SQL Injection exists, and information leakage exists1 background search function missing verification accessible: http://badrpt.kuaibo.com/report/search http://badrpt.kuaibo.com/report/lists

1. Activate dual-play Weibo and open the form on the modify data page. It looks very simple to hide xuanjicang. 2. Check the packet capture directly. The field owner who pays attention to Post should say that the programmer of Dual-play, js writes

Currently, php injection tools are not very easy to use. pangolin is always an error, so I decided to write an example of php manual injection. Manual injection uses slightly different commands and methods under different conditions. The first thing

Not long ago, I got the source code of the system and was curious about its database connection string. For example, I thought it was only base64 encoding, but I couldn't decode it with base64, on the login interface, you need to call the database

A few days ago, I got a shell from the station, windows2000 system. The Elevation of Privilege was successful, 3389 was not enabled, and 3389 was opened. After the server was restarted, lcx forwarded and 3389 logged on. After entering the server, we

Currently, most websites in China are built on various virtual host systems, with fewer and fewer independent servers.Therefore, once you obtain the highest permissions of the host, you can master a large number of sites, and the virtual host is so

The problem lies in the/install/index. php file. After the program is installed, the install. lock file is generated in the root directory of the program. /Install/index. php has an error in determining whether install. lock exists.If (file_exists ("