Cloud Security

Flying vest @ Ada Lab SEU 1. Chinese Character prediction in MS-SQL It can be said that the Chinese Characters Under the MS-SQL is not to guess, you as long as the conditions of the construction is good enough, you can directly let the other side in

Editor's note: the most reliable method is to do it by yourself, instead of using tools. I have summarized some things during my learning process. I am sending them here. I hope they will be helpful to anyone who can see them!Name of the table to be

XxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxX Web Security-XSS & more XXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ~ Introduction In this article, I will explain all the knowledge about XSS and more. through this document, I hope you can understand what XSS is, Why XSS is

Currently, most system permissions obtained through mysql on the Internet are obtained through User Function interfaces udfs of MYSQL, such as Mix. dll and my_udf.dll. In Mix. there is a MixConnect function in the dll that will rebound the shell,

By: lone fox Longson blog: itpro.blog.163.comThe following statement has the same permissions as the ROOT user. We should have met each other before. The root user's MYSQL can only be connected locally and the connection is denied. The following

From: http://hi.baidu.com/xi4oyu/blog/item/c8fb353e0f87b7eb55e723e9.html When I got home, I couldn't get on the Internet. I looked at python's core programming and found an interesting use of python tips. I didn't dare to hide it and share it with

From: Old Xie's blog Today, let's take a look at some of the issues that need to be paid attention to in the popular WEB system security architecture.By the way, we will first mention the so-called popular WEB architecture. In terms of network

Author: 4 lertFrom: [H.S. G] http://www.3hsg.netPs: For reprint, please indicate from H.S. G and author, thx! There are a variety of methods for elevation of permission on the network. In fact, it is simply summarized as overflow, third-party

1... NET version Serv-U Elevation of Privilege Love, Where are you?Sub BTN_Start_Click (sender As Object, e As EventArgs)Dim Usr As String = Text_Name.TextDim pwd As String = Text_PWD.TextDim Port As Int32 = Text_Port.TextDim Command As String =

Kang Kai This article will introduce a SQL Injection Technology Based on Cross-Site Request Forgery. PhpMyAdmin is currently the most popular PHP project. In reality, PhpMyAdmin has been widely used. In early December this year, a vulnerability was

1. Script insertion(1) Insert normal javascript and vbscript characters. Example 1: Example 2: /Insert a script into the tableExample 3: (2) conversion character type. Converts any or all of the characters in javascript or vbscript to a decimal or

Or the html "target = _ blank>Server limit dos.The access volume of this article on my blog is the fastest growing in all my articles. It seems that everyone is interested in this article.The reason why we need to talk about this problem again is

Secure-hiphop Space I tested it on http://www.ssk-keukens.nl Step 1: find a site with asp, like ex. http://www.site.com/news.asp? Id = 2 Step 2: add after 2 with space; and 1 = 0 OR and 1 = 1So: http://www.site.com/news.asp? Id = 2 and 1 = 0 By 1 = 0

Method 1: brute-force cracking. The most prominent one is the user name and password. The key is how to break the password? I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar) on the Internet. It's too slow. What

Taskkill.net We all know that oracle is relatively large, and the 11g installation program is about GB. You may encounter fewer oracle databases and better oracle + jsp combination...The default users of the oracle system Library include sys, system,

Author: oldjun & emperorUnfortunately, I got a database with hundreds of tables and N fields in many tables. I didn't want to manually detect useful tables and fields one by one and wrote some SQL statements, with the help of oldjun, we have this

/* Xuanmu */Houjie I want to deduct something from the SWF file and read the format of the file for the whole 2 weeks ...... -_-#However, the rule can be parsed almost now. At the beginning, it was a bit dizzy to see this structure. In fact, you can

I suddenly wondered if we could use any method to bypass the restrictions of SQL injection? I checked on the Internet AND found that most of the methods mentioned are aimed at AND "" AND "=" filtering breakthroughs. Although there are some

Author: jshell This system has been analyzed before. Today we see an updated version, so we downloaded it and read it. The previous vulnerabilities were completed, but the new one was upload, and the other was background injection. First, the

Mysterious little strong & 1943 To be honest, if a website's front-end is prone to injection vulnerabilities, the chances of having a universal password in the background are basically A hundred percent. However, some people say that if the GPC