Cloud Security

1. Do not use sa for accounts connecting ASP programs to SQL Server, or any accounts belonging to the Sysadmin group. do not have high permissions for application services, A general user with the db_owner permission should be used to connect to the

With the development of B/S application development, more and more programmers are writing applications using this mode. However, the entry point of this industry The threshold is not high, and the programmer's level and experience are also uneven.

1. Determine whether injection exists; and 1 = 1; and 1 = 2 2. Determine whether it is mssql. and user> 0 3. The injection parameter is the character and [query condition] and = 4. The and [query condition] and % 25 = of the parameter is not

First, the server uses private operating systems and databases. The so-called private systems are not completely written by themselves, but are all private and transformed, generally, the open-source operating system and database are used for

Preface:In our previous teaching in our long-term class, we have explained the principles and analyzed the code of Cross-Site attacks. We have also explained in detail how to use the Discuz4.1 Forum's Cross-Site vulnerability. The Teaching of "cross-

Now I want to talk about some new SQL Server bugs. Although I have worked hard for a long time, I am also lucky to find out that I am afraid to be exclusive. I would like to ask you to identify them, of course, some experts may already know that,

After studying the mysql Privilege Escalation problem, we can easily think of what if there is no password? Brute force cracking? You need luck! In fact, it is easy to combine php injection ~ Next, I will use php injection to demonstrate how to get

If the website only opens port 80, you will find that the following method is more useful.The methods used are almost none I have found. I have some personal experience and skills in injection.There are four methods (currently known) Method 1: This

Http://blog.csdn.net/kzh4435The Php environment is generally apache + php + mysql, and the common configuration server is to open php. in the security mode in ini, set safe_mode to on, and set display_erors to off To Disable Error display. There is

There is an additional article in the website. You can find it. In martial arts, you can take advantage of your flexibility only when you are not willing to give full play to your skills. Today, when firewalls are widely used to implement access

As an embedded program to many extent, eWebEditor is widely used. Every day, a large number of enterprise websites or even large and medium-sized websites are intruded into it due to their early version vulnerabilities. Recently, hackers exploited

Mainly divided into three categories1. The most basic system processes (that is to say, these processes are the basic conditions for system operation. With these processes, the system can run normally)Smss.exe Session ManagerCsrss.exe subsystem

Http://viewsonic.zol.com.cn/detail.php? Id =-1428 + union + select + 1, 2 /*Http://active.zol.com.cn/08active/413ainol/detail.php? Id =-9021/**/union/**/select/**/load_file (0x2F6574632F706173737764), 2, 3, 4 /* Proof of vulnerability: Http://active.

DIM a, I, e, ie, limit 5I = InputBox ("input target address format http://www.dedecms.com", "DEDECMS 0DAY exploitation program BY Nuke ")If I = "" ThenMsgbox "Enter the address"WScript. QuitEnd IfE = "/group/search. php? Sad = g & keyword = % cf % 20

PhpMyAdmin is vulnerable to attacks or cannot be used properly. phpMyAdmin has three authorization modes: ; N & k7M0B4T: S # X * h # P Cookie: A web login page is displayed. Enter the mysql user name and password and enter the management interface

A good Penetration Tester must have a path Dictionary of his own. It can help a lot during penetration testing.However, Good dictionaries are collected slowly at ordinary times. Therefore, this script is available.The script automatically determines

From 28 degrees ice When a sa injection point is encountered, the mssql error prompt is undoubtedly depressing. Even if the error message is closed, you can execute the command in the column directory, but it is inconvenient. A d can be in the

From 28 degrees ice First, the first question: if the error message is disabled, how can I determine whether the current permission is sysadmin? The simplest method is as follows: 1 = (select IS_SRVROLEMEMBER ('sysadmin ')) Of course, in some

Earlier versions are also possibly vulnerable. Information: Affected program: Network Weathermap 0.97a Remote-exploit: yes program address: http://www.network-weathermap.com/ Abstract Network Weathermap 0.97a is vulnerable to a persistent XSS when

We know that XSS attacks are divided into three types: Persistent, Non-persistent, and Dom-based. The reflection type is the most commonly used and the most widely used attack method. It sends a URL with malicious script code parameters to others.