Cloud Security

Baidu Browser Remote Command Execution   1. According to the general test idea, first we find the privileged domain, including bdbrowser: //, http://xapp.baidu.com.2. then we need to find the available XSS under these two privileged domains, and

Threat from Killer Kernel configuration change-Swappiness We are under non-hacker attack. We use the Linux kernel version 3.5-rc1 and RedHat backport patch to deal with swappiness = 0. This is a real threat. One of our customers is affected and the

Safari/Android browser full-version URL Spoofing Vulnerability   The problem exists in the full version of the android standard browser and the full version of the safari (desktop/mobile) browser.POC: http://kcal.pw/t5.htm https://baidu.com In terms

Baidu anti-virus shared memory vulnerability causes access protection to fail DllInject. dll uses shared memory data and has no permission to check it. Any process can modify it, resulting in Baidu's Anti-Virus defense against browsers being

Baidu guard defends against all invalid Vulnerabilities In the full defense environment of Baidu guard, common user-state programs can kill all the daemon processes of Baidu guard. 1. Trigger exp:  2. After exp is run:  3. malicious programs

XEpan Cross-Site Request Forgery Vulnerability (CVE-2014-8429) Release date:Updated on: Affected Systems:XEpan XEpanDescription:Bugtraq id: 71309CVE (CAN) ID: CVE-2014-8429 XEpan is an open source php cms. XEpan does not effectively authenticate

GNU glibc Arbitrary Command Execution Vulnerability (CVE-2014-7817) Release date:Updated on: Affected Systems:GNU glibcDescription:Bugtraq id: 71216CVE (CAN) ID: CVE-2014-7817 Glibc is the implementation of C libraries in most Linux operating

Detailed analysis and utilization of Masque AttackI. Vulnerability Overview Two vulnerabilities recently exposed on Apple's iOS mobile phone system, WireLurker and Masque Attack, affect the latest version of iOS to version 8.1.1 beta, and are not

The administrator password and broadband password are directly obtained from multiple vrouters of feixun. FIR150M, FWR-701 and other types of device administrator password directly through simple encryption on the existence of JS. The administrator

Using GRC for security research and auditing-converting radio signals into packets0x00 Introduction As a company engaged in information security research and consulting, InGuardians has not only focused on penetration testing and network forensics

CentOS server command for simple judgment of CC attacksCC attacks are easy to launch and have almost no cost. As a result, there are more and more CC attacks.Most CC attacks are used for online download. These tools seldom forge features, leaving

Rice cms brute force getshell   SeeInstall \ index. php Determine whether install. lck exists. However, the header does not exit. The page is only redirected, but the subsequent code will continue to be executed.Attackers can open mysql database

Interesting Security experiment: using multi-thread Resource Competition technology to upload shell By competing with multi-threaded resources, you can upload two portraits at the same time to implement remote code execution in the Apache + Rails

Discuz! Any file contained in the front-end of the Public Platform Plug-in can be directly shell Discuz! The front-end file of the plug-in can be directly included in the shell. The result of the dz plug-in center's main site was intercepted by the

A Rich Text Editor File Upload Vulnerability (on how to control the IsPostBack value) The Amir Rich Text Editor is actually a small product. Let's take a look at how to control the IsPostBack value of. NET.     In this text editor, you can directly

XSS attacks when setting cookies We all know that many XSS attacks aim to obtain users' cookie information. The most common method is to transmit cookies to other servers by setting src in js. So how can we prevent js from getting cookies? Here is

51 Mike mcnet SQL injection can cause data leakage of millions of users POST injection exists at the home page logon. Http://www.51mike.com/pages/login/login.jsp? From = app & RSRU = http://www.51mike.com/     An error is reported when the

Gionee mobile phone remote command execution in a system (Getshell) Control all company information Command invocation address: http://mail.gionee.com/m/index.actionEmail system. There should be more than 200 users.SPAM login address

Exploitation of NTFS data streams under WIN in webshell hidingThis exploitation method. As early as a few years ago, it was nothing new.I have never paid special attention to it before. I made a mistake today, so I recorded it.First, write the

Getshell + database leakage of a tourism network + executable permissions of all its sites   0x1If struts exists, getshell can be used directly.0x2Affected sites  (Only some of them are listed, and other administrators can check them)