Data Hiding Technology
0x00 Preface
Data hiding has penetrated all aspects of life, and I have always been very interested in it. However, there are few articles on data hiding on WooYun. After reading the summary of steganography, I
2015 Microsoft Windows vulnerability report
This article mainly analyzes the new security protection mechanisms or functions of Microsoft, Google, and other companies in 2015.
In fact, in the previous year, Windows exploitation in 2014, we also
Kingsoft Ciba has SQL injection in the background of a website.
Kingsoft
Injection of this site before: WooYun: a management system leaked a lot of Kingsoft MAC (tftp + ftp account 30 + decrypted MD5 enters the management background). Decrypt the
Let's Encrypt recently popular free SSL tutorials
In February October 2015, Weibo accidentally saw Let's Encrypt release the beta version. This is undoubtedly a major news for the coders who have been abused by https. Let's Encrypt stands out under
Click my link to access your zhihu account.
Zhihu's Weibo login Binding Request is
http://www.zhihu.com/oauth/redirect/bind/sina?Next=/oauth/callback. This request is not protected against CSRF. Attackers
Green ant logistics platform main site SQL Injection Vulnerability
Green ant logistics platform (SQL injection)
POST /road/28373-39351/index.html HTTP/1.1
Content-Length: 3119
Content-Type: application/x-www-form-urlencoded
X-Requested-With:
Discuz! Conditional storage xss and ssrf (easily met)
First, submit a chicken rib... In fact, the conditions are easily met.
Detailed description:
File source\function\function_discuzcode.php, function discuzcode
if(!defined('IN_MOBILE')) {
Unauthorized access to a Huawei system may cause information leakage. Getshell/root permission may affect Intranet security.
Rt
http://MAID:8080/imeeting_webinar_web/
http://MAID:8080/dmp_sys_web/
Http: // 183.131.151.13: Port 8088/8088
Mitm attack-Cookie Eruption
0x00 Preface
Share the man-in-the-middle attack posture and try again and again.
It was originally an old article, but it was too long-winded. I will repeat it in concise words today.
0x01 Principle
Traditional cookie
Website security dog WebShell upload interception Bypass
The website security dog has a defect in processing the upload request, which leads to the failure of the upload interception for suffixes such as .asp and .asa.
Test environment: IIS 6.0 Dongle
Click my link and I will probably access your jumeiyou account.
The Weibo login request bound to jumeiyou product is
http://passport.jumei.com/I/extconnect?Site_name=sina_weibo&
A system vulnerability in heihu. getshell can control official website advertisements.
RT
Main Site:
http://www.hihuu.com/
http://120.55.138.90/
Weak password
Lifang: 123456
High permissions
There are multiple upload injections in the
Netease series mailbox versions with long-lasting mail titles xss
Netease 126 yeah 163 5.0 users can receive all emails from each other when they open their inbox. Netease mailbox 5.0 still has a large number of users, because 5.0 is relatively
KesionCMS ASP edition SQL Injection
Search Injection
Obviously one injection, but it seems that the injection needs to be closed. First, the injection is submitted to prove that the injection is closed and handed over to
A sub-station of Changan Mazda has a vulnerability and can be executed with commands.
The website was previously exposed to the JAVA deserialization
SQL injection 2 exists somewhere in Sina financial
Involving 52 databases that affect a large amount of user data
Injection point: http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/funds_jjpj/FundRank_Service.getHTSMFundManagerInfo?
Webshell-Part1 & Part2
0x00 Preface
As we all know, every moment, web servers in the world are being attacked by thousands of malicious requests, and their attack forms are also different. Today, I am studying one of the following types:
Use NSURLProtocol to inject Test Data
In previous blog posts, I have introduced the Unit Testing Method for accessing asynchronous networks and how to use simulated objects to further control the scope of unit testing. In today's tutorial, I will