Cloud Security

This article focuses on O & M security and is not very specific. It is mainly a keyword summary. Take CentOS as an example:0x01Physical protection1. Guide grub. conf to add a password Title xxx linux server root (hd0, 0) password 123321 // plaintext

1. What is bootloader?   In short, bootloader is a small program that runs before the operating system kernel runs. Through this small program, we can initialize hardware devices and build a map of memory space to bring the system's hardware and

Even manufacturers that do not defend against driver loading will not speak out. The latest version, the personal version of anti-virus software was not intended to be tested, and later I thought about downloading it and not looking for any problems

QQ browser for android has a vulnerability in cross-origin implementation. In principle, access to the file domain is prohibited from the internet domain, but the QQ browser has defects in implementation, resulting in access to files in the file

Bdlogicmain. dll Buffer overflow causes Denial of Service. I guess strncpy didn't fix it? STATUS_STACK_BUFFER_OVERRUN encountered (272c. 2070): WOW64 breakpoint-code 4000001f (first chance)  I guess the actual cache is 1024 bytes, but the URL

StartUpProduct. dll is an activex, and several of the functions are faulty. No pointer validity judgment is made. See figure ESI for passing in parameters. If any pointer is passed in, it will be overwritten in. winxp for testing.  Here the

Author: Mickey Basically when we installed Tomcat that we saw installation wizard below screenshot, We usually deployed a WAR to tomcat almost used default port 8080, even though when port 8080 was blocked by firewall, do we still exploit?In fact,

When an attack app (both malicious and non-malicious) sends a request to the 360 browser to open a local page, on this local page, you can obtain all the data in the 360 browser according to the attack app requirements, including cookie information.

0x01 white hat Art of WarThe core of internet security is data security. In an Internet company, assets are classified, that is, data is classified. Some companies are most concerned with customer data, and some are their own employee data, because

It's easy to configure an Email server. You just need to configure it in a few minutes using software such as Postfix. However, the Email sent by the Email server is often treated as spam. How can I configure the Email server so that the Email sent

The email system is one of the most frequently used network applications of enterprises. Generally, the email system contains key customer information. Once the email system is paralyzed or controlled by hackers, it will cause significant losses to

1 OverviewLike most Android viruses, Skullkey also embeds itself into a normal APK package. Most samples use the Master Key of Android.Vulnerability is repackaged. At the same time, some common packaging technologies are used to embed themselves

When I post for the first time, I will give you a thought of yesterday.Tested CMS: site building star.Because it is easier for SEO to do pseudo-static operations, many CMS also have pseudo-static operations. However, pseudo-static is mainly used to

Baidu album, which is not filtered somewhere, exists in XSS Cross-Site 1. baidu post bar has a function to add images to favorites 2. click "add to Favorites" to capture the request. 3 has been added to favorites. this is a get request. 4. copy this

It seems that the source is completely closed after waves. I have already prepared to prevent you from decompiling. I don't know how to use it for the moment. Let's talk about it later. So the official team should not talk about the XXX source code

The latest XDCMS enterprise management system, due to lax filtering, can bypass restrictions, resulting in multiple SQL injection in the XDCMS enterprise management system registration function, look at \ system \ modules \ member \ index. PHP file:

Introduction: This article focuses on how to prevent external XSS attacks. Practice: In fact, we can see from the http://www.bkjia.com/Article/201312/264737.html article that the main attack means does not allow attackers to run a section of JS on

Register a reviewer account and you will be able to notice that the administrator can find the function where you accept the POST variable, so I think the problem lies in/zb_system/function/lib/dbsql. php. Public function ParseWhere ($ where)

6. Cookies Spoofing)Overview: in a system that only performs Cookies verification on users, users can log on to the system by modifying the Cookies. Cookie spoofing is often used in intrusion. By modifying the content of Cookies, you can obtain the

The use of the host House Self-plug-in points can pass through. Host House member center personal information detailed address contact QQ there are stored XSS insert statement ">  You can get the current detailed address and insert your own code