Microsoft free anti-virus software MSE cannot be updated

Microsoft's free anti-virus software, Microsoft Security Essentials (MSE), has become a popular anti-virus tool for many users. However, in actual use, there are cases where it cannot be updated. Failure to update anti-virus software

IPtables 5: Load Layer 7 matching application layer data packets

Previous: http://www.bkjia.com/Article/201207/143938.html For iptables to be overly concerned at the application layer, we must first patch layer7 for the kernel and iptables definition tools at the application layer to enable Feature Matching for

What should I do if the vulnerability file uses the obfuscation technology?

What should I do if the vulnerability file uses the obfuscation technology? Let's take the PDF file as an example: for PDF File Parsing, you must first familiarize yourself with all types of PDF files. It seems that all official PDF files are in

SQL Injection bypasses single quotes

With magic_quotes_gpc = On, single quotation marks in a submitted parameter are automatically escaped as \', which makes many injection attacks ineffective. GBK double-byte encoding: a Chinese character is expressed in two bytes. The

Analysis of url Decoding of parameter strings by Asp

I. Analysis process. Take some time to analyze the process of IIS URL decoding for parameter strings. 1.1 Asp.dll decoding analysis. Due to time and capability issues, iis does not understand the entire parsing process of a url and only records the parts

SHELL is available for Anwsion background functional design defects

The vulnerability affects all versions. Combined with all versions earlier than Anwsion 0.7, the site can be intruded. The code for the design defect is as follows: lines 75-96 Save the website background configuration to the database and save it to

WEB Application Security Defense mechanism (2)

2. Process user input. We need to treat all user input as untrusted. How to securely process user input is a critical requirement for defense against attacks. Generally, WEB programs will make input validation on the front-end page (generally js

Analysis of the guard God Firewall

Author: conqu3r Pax. Core Mac Team member Last week, I promised to give a keynote speech. Later I only talked about one usage of burpsuite. Sorry, this week's topic is bypassing. Although there are few people here, the meeting still has to continue.

Website detection (iii) nikto Web Server Vulnerability Detection

Nikto is an open-source Web program scanner that can scan server problems. Nikto is a tool for Linux/Unix. It can be downloaded from the official website and decompressed to a local computer for running. Here the nikto tool integrated in BackTrack 5

XSS attack filtering function

Hackers use Multiple XSS attacks, and PHP built-in functions cannot cope with various XSS attacks. Therefore, filter_var, mysql_real_escape_string, htmlentities, htmlspecialchars, strip_tags and other functions cannot be used for 100% protection.

Xss flood occurs, and Xss-worm is a trigger.

Http://tuchong.com/273329/albums/ Http://tuchong.com/273329/albums/277850/3361539/ Http://tuchong.com/273329/albums/277850/3358396/ First, the album name is not escaped. Second and third: the image name is not escaped. You can also modify tags

Any password modification on a website of Yilong Travel Network

1. Register your own account number to complete email verification. 2. Use your account to retrieve your password. 3. [cause of the vulnerability: When the modified password is submitted to the server, the system directly submits the card number + new

A social engineering penetration reconstructs the CMS chicken rib vulnerability in the Deep Throat

Reference: http://www.bkjia.com/Article/201209/157778.html This penetration is also a pain point. The target site is a discuz forum. The latest version does not have any 0day. Let's take a look at the side Station, which is basically a deep-throat

No. 1 store address book storage type cross-site

The address book function of No. 1 stores has a storage-type cross-site. 1. The recipient field modifies the post request through webscarab and bypasses the Character Count limit to implement cross-site communication. 2. The recipient address can be

Alimama travel network can retrieve password defects of other users at will and fix them

The random field of the link for retrieving the password of the website is too simple. You can scan the link for other users to retrieve the password and modify the password of the user. Then, you can directly log on to the user account. Retrieving

The No. 1 store website Alliance does not perform any filtering to generate storage-type XSS.

1. This is the site! Website alliance at looks like a cool. Http://union.yihaodian.com 2. You can insert any special characters in the basic information, but the client still has some judgment. See the figure! 3. But all client filters are paper

PHPCMS V9 WAP module injection vulnerability and repair

Www.2cto.com: The latest phpcms patch has fixed this issue. Variables that use urldecode are not effectively filtered before they are imported into the database, resulting in injection. File Path: /phpcms/modules/wap/index.php Vulnerability

Php vulnerability and code Auditing

Code auditing at Party A's company is generally dominated by white boxes, with only a few vulnerabilities, XSS, SQL injection, command execution, upload vulnerability, local inclusion, remote inclusion, Permission Bypass, and information leakage. 1.

ShopEx shipping address can be viewed, modified, and deleted at will

After a common member logs on to the website, a malicious URL can be used to view, modify, and delete the shipping address of the entire website. This may cause leakage of user sensitive privacy and unnecessary losses to the website. Detailed

Attackers can use HTTP Parameter Pollution to bypass WAF.

By Danux Mitnick Last week I was invited to join a team to participate in a CTF (Capture The Flag) contest organized by CSAW Team. With my wife and kids around, I only had the opportunity to pick one challenge related to Web Exploitation named:
