The Bastille research team discovered an attack on the Bluetooth keyboard and mouse.
0x00 Preface
Recently, the Bastille team discovered an attack targeting the Bluetooth keyboard and mouse. Attackers can exploit this vulnerability to control
Analysis of vulnerabilities such as "stealth" and "seckilling" in 360 terminal games
0x01 Preface I have posted a general D3D game Buck perspective plug-in before. A buddy uses the plug-in to play the ultimate firepower to solve the problem because
Webshell cleanup-driver-level file hiding on the server
Today, my friend's website is infected with Trojans. Baidu and Google search will find keywords such as guns and support. I have not found the cause for a long time, so I asked my younger
You do not need to use third-party tools to directly use the built-in function of Windows to encrypt the flash drive.
How to encrypt the flash drive in the simplest way, in fact, there is no need to use a variety of third-party tools, the built-in
Finecms
Affected version 2.3.0 and earlier versions updated from January 14, April 18. This problem does not exist in the latest version.
Wooyun blew a http://www.wooyun.org/bugs/wooyun-2014-060197 using brute-force cracking verification code to
Be careful when you have ears: The project code for stealing target information using electromagnetic radiation is open-source
Recently, a computer technical expert William Entriken invented a new method that allows computers to send wireless
An SQL injection exists in a parameter of retao Network (involving multiple databases)
...
Http://guanli.letao.com/letaozu/articlelist.aspx? The parameter id = 1697id has been injected.
sqlmap identified the following injection points with a
Multiple TCL system commands have the executable Vulnerability (involving 6 management platforms, management systems, and multiple database account passwords)
Multiple TCL System Command Execution Vulnerabilities (two Windows servers have won \ 6
Command Execution in a system in Guizhou Province (involving details of nearly one million female family planning staff)
Command Execution in a system in Guizhou Province (involving nearly one million female family planning staff/involving a large
ClickJacking Analysis for Web Security
ClickJacking is a visual deception. There are two methods. One is that an attacker uses a transparent iframe to overwrite a webpage and then induces the user to perform operations on the webpage, at this time,
Renren website has SQL injection vulnerability with verification script
Renren website SQL Injection Vulnerability
Recently live800 seems very fire on the dark clouds search... http://live800.wan.renren.com/live800/loginAction.jsp? CompanyLoginName =
Command Execution at a site of Guodian South Swiss jiehong can scan the Intranet (involving a large number of staff information reports/can scan Intranet hosts)
http://211.160.21.126:7002/EICS/jsp/login.jsp Command Execution exists, a large
General system design defects in an insurance industry can be added, deleted, modified, and checked
A general system design defect in an insurance industry can be directly operated on the database to obtain sensitive data (affecting a large number
Commands executed by a substation in Kingdee may be further infiltrated by the intranet due to being unauthorized
Further Intranet penetration
http://dmp.kingdee.com/jenkins/script Command Execution caused by unauthorized access to the Jenkins system
A sub-station on Sina Weibo has SQL injection to be filtered
SQL Injection exists in a substation on Sina Weibo
URL: http://xueyuan.weibo.com/course/index? Categoryid = & orderby_fild = 3 & orderby_operate = desc & key_word = foreign t _ type = 0
Attackers can exploit the Axis2 default password security vulnerability to intrude into the WebService website.
Recently, wooyun has followed several penetration tests using the Axis2 default password. The penetration ideas are basically the same,
Code audit: file unauthorized access, file upload, and search skills
0x01. Global Search overauthorization skills
In code audit, when the file volume is large, you can find files that can be accessed without excessive permissions (taking PHP as an
Introduction and use of ELK
01 what is ELK?
ELK is the abbreviation of three applications: ElasticSearch, Logstash, and Kibana. ElasticSearch (ES) is mainly used to store and retrieve data. Logstash mainly writes data to and from ES. Kibana is
A rare MSSQL injection vulnerability in the Google Rewards Program
The author is going to share a fairly rare vulnerability found in last year's Google rewards program, the only one that the author has encountered throughout his penetration testing
A sub-station in Baidu has SQL injection that requires filtering or forced type conversion.
A sub-station in Baidu has the SQL injection vulnerability.
1. Vulnerability address: http://house.baidu.com/guilin/map/searchrect? City = guilin & minx = 999