Cloud Security

How to disable USB flash drives in the registry, how to disable USB flash drives in the Group Policy, and how to disable USB flash drives in the computerTo prevent USB flash disks from being leaked, we sometimes need to disable USB flash disks and

Dell VPN Client netex1_0day Analysis   VPN Client is a tool used by most IT security experts. IT can be used to connect to a "restricted" LAN for anonymous Internet access and network traffic security. But imagine if the VPN Client can improve the

N backdoors in Linux Preface During penetration testing, we often encounter various types of Linux system hosts. Today, we will make a summary and discussion about the several backdoors in linux. Pose 1. PAM Backdoor Overview: PAM (Pluggable

How can I disable mobile storage devices and USB flash drives by using the classified mobile storage media management system?USB storage devices such as USB flash drives and mobile hard disks are currently very popular storage tools, however,

Nightmare of thousands of PostgreSQL servers Recently, it was revealed that a weak PostgreSQL password was used to implant Trojans in batches. This article will share the tracking process of this event, from attack methods, tools used, to attack

How to encrypt shared files, set shared file access permissions, and prohibit arbitrary copying of Shared FilesNowadays, many local networks have file servers, which usually share some files for access and use by LAN users, so that you can save and

Aspcms background backup logic error causes injection of a Trojan The backup logic in the aspcms background has serious logic problems, which can lead to a single-statement Trojan being introduced and executed. As we all know, for an access

Execution of a system command on Meituan involves unauthorized access to the project source code and Intranet. Rt http://43.241.211.74:8080/     Command ExecutionNt authority \ system  Intranet environment    SonarQube unauthorized access  http:

The water drop management platform has the arbitrary User Password Reset Vulnerability. Reset any user password on the Water Drop Management PlatformThe friendship test uses an account of a friend of Wooyun. During the Spring Festival, wooyun

Thumb play has SQL blind injection somewhere involving tens of millions of data Log on and select a game to join the album.  Then there is an injection in the delete operation.    GET /index.php?action=profile&opt=DeleteOne&aid=4794&type=album

Front-end security of Web Attacks: XSS attacks  XSS(Cross-site scripting cross-origin scripting) attacks are the most common Web attacks, focusing on "cross-origin" and "client execution ". Some people divide XSS attacks into three types: 1.

Vision energy OA system JAVA deserialization: getshell Command Execution Getshell and Intranet roaming Vision Energy Technology Co., Ltd. OA systemUrl: http://oa.envisioncn.com  One sentence address: http://oa.envisioncn.com/tk/tx.jspPassword 110 

The VPN link is not strictly controlled by Sohu Changyou account system. RT 01 # weak Email PasswordHttps://webmail.cyou-inc.com/owaWangjian 1qaz @ WSXThe VPN link is displayed.  The Wi-Fi password is displayed.  You can view the latest games with

SQL Injection for a station in chelaile City ~~~~ Injection Point http://app.cheshi.com/substation/ad.php? Province = 21 & city = 299 & pid = 1 *Injection Parameter pidTime-based blind injection. Data can be obtained. It is very slow and easy to

An SQL injection vulnerability exists in a website of Zhiyin manke (involving million user information and passwords) Database: comicTable: mk_user[53 columns]+ ------------------ + -------------- +| Column | Type |+ ------------------ + ------------

Pudding mobile APP has SQL injection (containing more than 4000 million user data) SQL Injection for APP security Target: pudding mobile APP-pudding couponSQL Injection exists in the following locations: (app_name, UNION Query, Boolean blind

Test the vulnerability of an icloud phishing site Yesterday, a great guy hacked an icloud phishing site for the goddess for 10 minutes. He didn't want to receive a phishing email today, but also followed by a brush. But the phishing site of the

Xss (available in the background) stored in multiple locations in a sub-station of Youku and any posts deleted by common users Four stored xss types are found, two cookie types can be used, one is used as the Administrator, and the other one can

User Password leakage due to improper p2p configuration (plaintext) The user's account and password (in plaintext) can be seen directly) I was shocked to see this. p2p is really unreliable. The company is affiliated with the Financial Management

Bilibili SQL Injection Vulnerability The last csrf was ignored and unhappy: (so I found an injection.PS: for a large review, give a front-end. So long, no front-end ever :( Injection point: http://live.bilibili.com/ I /operation? Month = 2016-01-01%