Cloud Security

#/Sbin/iptables-I input-p tcp -- dport 80-j ACCEPT #/sbin/iptables-I INPUT-p tcp -- dport 22-j ACCEPT #/etc/rc. d/init. d/iptables save after the computer is restarted, the firewall has opened ports 80 and 22 by default. Temporarily shut down the

Software introduction:It integrates many TCP/IP utilities, such as local information, connection information, port scanning, PING, TRACE, WHOIS,FINGER, NSLOOKUP, Telnet client, NETBIOS information, IP monitor, etc. The IP-Tools feature is indeed

[Article Title]: A themida shelling program LOADER cracking[Author]: rockhard[Author mailbox]: wnh1@sohu.com[Software name]: test.exe[Shelling method]: themida[Protection method]: themida[Tools]: ollydbg, VC[Author's statement]: I am only interested

========================================================== ========================================================== ====004991B1 call rtcRandomNext004991B7 fmul dbl_403920004991BD call _ vbaFpI4004991C3 mov dword_4D1030, eax; random number R1004991

Arm3.61 enhanced IAT decoding protection. Here we only talk about the protection code tracking experience before IAT decoding.The program used this time is goodmorning issued in http://tongtian.net/pediybbs/viewtopic.php? T = 5395 & sid =

A very important discipline in vulnerability mining is fuzz technology, including local parameters and network overflow. bestorm is a business software and industry leader in terms of network, which is also easy to use, in particular, tcp fuzz

This is an empire Download System.Ps (directly write shell without any account or password) Text: Xidu   Because many websites have to integrate discuz and other forums for download .... The Empire has 10 thousand million interfaces,   This

I re-checked that the getip vulnerability was completed before 91736. vulnerability file: system/modules/member/index. php public function edit () {if (empty ($ _ COOKIE ['Member _ user']) | empty ($ _ COOKIE ['Member _ userid']) {showmsg (C ("admin_

0x0 backend getshell At the place where the order is submitted, you can see that the Code calls get_mail_template () to obtain the content of the remind_of_new_order template, and then puts it in fetch for execution, if you can control the content

Ecshop does not completely filter out wide characters.The following parameters are provided:Http://www.xx.com/user.php? Act = is_registered & username = % ce % 27% 20and % 201 = 1% 20 union % 20 select % 201% 20and % 20% 28 select % 201% 20 from % 28

Vulnerability file: plus \ feedback. php. Problematic code: ...If ($ comtype = 'comments '){$ Arctitle = addslashes ($ title );If ($ msg! = ''){// $ The typeid variable is not initialized.$ Inquery = "insert into 'dede _ feedback' ('aid ', 'typeid',

Keywords: cookie encryption oning Summary: In addition to session, it generally does not store overly-important credencookies in cookies on the client. However, e-commerce applications sometimes inevitably store some sensitive data on the client, of

Webshell has the system permission and cannot add administrators. In the end, it cannot connect to 3389 successfully. This is generally caused by anti-virus software. To solve this problem, first view the process: tasklist and then kill the process:

This injection point can use error echo injection to blow up data. This article uses more troublesome blind injection for the purpose of explanation.Reading this article requires a little SQL basics. Blind note is actually very simple to understand,

Dedecms version 20121122Magic_quotes_gpc = OffThere should be no major hazards.A Dedecms injection vulnerability has been detected and does not seem to have been fixed. You can obtain the administrator password by reusing the vulnerability.It is a

Some time ago, dedecms and so on broke out a variety of 0-day cases, so I found a small php open-source program to open the knife.Tool used in the process: phpxref: a useful php code audit auxiliary tool in Windows Grep: linux to find the key

Google: intext: powered by Thaiweb inurl: index. php? Page = board. php exploitation Point 1: http://www.bkjia.com/index. php? Page = .. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd utilization Point 2: http://www.bkjia.com/index. php?

1. Cross Site 2. forged login box Mailbox System: https://mail.19lou.com/extmail/cgi/index.cgi extmail reflection of Cross Site, https://mail.19lou.com/extmail/cgi/index.cgi? _ Mode = % 3 Cscript % 3 Ealert % 28document. cookie % 29% 3C/script % 3E &

Http://blog.house365.com/ajaxuser.php? Type = blog & action = atcblogclass & job = add UPDATE pw_userinfo SET dirdb = ...................... Send data: Blogclass = AAAAAAAAAAAAAAAAA "\ & itemid = 1 & uid = 1 & name = Note that you can modify the

Blind play, X to the background found that all apps of the company can push messages to the background (many apps of the company, various platforms, and all the feedback are sent to the background ), if the PUSH message is used for illegal purposes,