Cloud Security

Deep Analysis of JavaScript Backdoors 0x00 background Previously, the article JavaScript backdoorof @ san mentioned how to use rundll32.exe to execute a JavaScript code to bounce an Http Shell. Here, I will share with you the article on the

ClassyShark: a lightweight Android Executable File Browser   First of all, we have to explain that ClassyShark is not an official product of Google. Introduction ClassyShark is a convenient file browser that allows you to browse executable programs

Phpweb + iis6 Parsing Vulnerability shell Process To achieve the desired efficiency, we can find phpweb sites in batches, Keyword: inurl: news/html /? 411. html can also be detected in batches using some web vulnerabilities, such as the Red/Black

FFmpeg hsf-_slice_header_init Function Denial of Service Vulnerability (CVE-2015-8661)FFmpeg hsf-_slice_header_init Function Denial of Service Vulnerability (CVE-2015-8661) Release date:Updated on:Affected Systems: FFmpeg Description: CVE

Vanke lives here. The APP resets the password of any user. Vanke lives here. The APP resets the password of any user. Download the official website app http: // **. **/Feedback. aspxTake 13888888888 as an example to testForgot password-> burp packet

Five input methods Win8 login interface Bypass The Win8 logon interface of the five input methods of hichina can be bypassed to execute any local program.Detailed description: 1. Download the test programThe latest version of the five input

Burpsuite plug-in development-RSA encryption and decryption This article mainly records the development process of a plug-in that decrypts the request packet, inserts payload, and encrypts. The plug-in application scenario is mainly used to analyze

Ctf encryption I have done in those yearsRecently, ctf has made a lot of work. By the way, I have made some notes, including several articles on encryption, implicit writing, reverse cracking, and web. After these articles are compiled, they will be

A Baidu business can remotely read arbitrary system files. A Baidu business can remotely read sensitive files Http: // 111.13.100.253/pcheck/index. php? Action = showPcheck & report =.../etc/passwdRoot: x: 0: 0: root:/bin/bash bin: x: 1: 1:

Kali Information Collection ~ 3. subdomain names 3.1 Netcraft: subdomain name query Official Website: http://searchdns.netcraft.com/ Enter the domain name to be queried to know the subdomain name. 3.2 Fierce: subdomain name queryOverview: Fierce

A command execution vulnerability in a system of huatai insurance threatens the Intranet. Command Execution System address:Http: // 219.141.242.62/huataiwechart/index_neu.jsp  Address: Where did the customer come from? huatai property insurance

CmsTop media edition template has three SQL blind Injection Vulnerabilities Not all websites have these templates installed. This template is generally used by users. The vulnerability file is in/apps/rss/controller/fullsite. php.Public function get_

Yonyou FE collaborative Office Platform System Union Injection Vulnerability A system of UFIDA does not strictly filter the data, resulting in union injection. Arbitrary data can be obtained. The yonyou FE collaborative office system does not

Miaoji travel multiple vulnerabilities Sensitive Information Leakage Mio travel (www.mioji.com) is China's first travel route customization Engine Based on AI technology. Use big data and intelligent technology to provide users with a one-click

Weak Password of a website on Netease causes getshell to go directly to the Intranet for analysis. A simple weak password, simple and crude.  http://223.252.223.246:8080/manager/html Weak tomcat PasswordAdmin/adminYou can deploy the war package to

Miaoji travel multiple vulnerabilities sensitive information leakage/GetShell Mio travel (www.mioji.com) is China's first travel route customization Engine Based on AI technology. Use big data and intelligent technology to provide users with a

Wireless Security: bypassing a car rolling code of BYD First, let's introduce the wireless key of the car key... most of the attacks based on the traditional car are basically replay attacks based on the car key. Simply put, replay attacks.

Failed to fix SQL injection vulnerability on a platform of Xinhua life insurance, resulting in another Getshell Failed to fix SQL injection vulnerability on a platform of Xinhua life insurance, resulting in another Getshell When I read the case, I

A GitLab platform vulnerability in Hang Seng leaked a large number of sensitive engineering source code. RtDetailed description: Http: // 60.191.25.162: 5222/users/sign_inRegister an account and log on The source code of the Internally shared

1905 Intranet roaming caused by an inflatable doll Intranet roaming caused by an inflatable doll has been obtained by the main site of www.w.5.com shell by the end of November. I will hear from my brother Jian Xin. 1. getshell caused by Nginx