Self-built CDN defense against DDoS (2): architecture design, cost and deployment details
In the first article in this series, we introduced the situation of DDoS attacks on our customer service system and the reasons why we decided to use
Analysis of assembly code debugging under X86-64
This article should be the most basic thing for some big guys who often use gdb, but here I just want to share some basic tools or other useful things I have found.
If you are converting from gdb to
How HTTP Evasions works: Deflate compression bypasses the Firewall
This is the second article in the HTTP Evasions series. This article focuses on browsers or other devices that support compression, which may cause firewall bypass. In short, the
How to Use Metabrik to automate malware Analysis
In this article, we will show you how to use Metabrik to automate malware analysis, so that you can run malicious programs on virtual machines after creating a snapshot of the Windows system. In this
COFCO buy my Web OA system getshell roaming Intranet
People planted trees and enjoying the cold
The verification code can be bypassed by a vulnerability in the A8v5 system.
Brute force cracking successful
You can see many internal information
Db_owner permission is improved by webshell.
Reduce the backup file size and improve the webshell success rate. Add a parameter with differential: declare @a sysname, @s nvarchar(4000) select @a = db_name(), @s = 0x77006F006B0061006F002E006200610
Analysis of PayPal Remote Command Execution Vulnerability
In December 2015, the author found a Java deserialization vulnerability in a substation that can remotely execute arbitrary shell commands, and the product database of PayPal can be affected. I
Aviation security-the SQL Injection exists in multiple sites of okai
Objective: To launch okai official APP. SQL Injection exists in the following areas: I. userId in POST, Boolean blind injection
POST
58. A system fell from Audit Account to Regional Manager account (numerous information leaks)
Zhuang Zai I dasma. I am here in the world of worldly fireworks, and I love the floating city of time reflection. Different from this: WooYun: A system
Arbitrary File Download from a Baidu website
Punch
Http://youxi.baidu.com/?demo/demo.jsp I guess this page should be confidential
Spring Airlines can use shell for multiple sites in a system
Spring and Autumn Airlines Operation Control System: http://218.78.217.83:7001/ http://180.153.27.8:7001 http://210.51.48.122:7001 All three servers
Root permission SQL Injection for a website in sogou
Mt.sogou.com can be written to shell in windows.
GET /MobileCloud/Handlers/checkMd5.ashx?Md5= HTTP/1.1 Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;
An SQL injection vulnerability exists in a sub-station of happy Tao Network (more than 8 million user information)
The SQL injection of a website on happy tao.com involves more than 8 million users.
Http://huan.letao.com/wap/app_download.aspx? Op =
Sina Weibo's CSRF point will be followed by my link
Recently, I was looking for a CSRF issue on Sina Weibo. As a result, I did not review the issue on wooyun. Later, I found several platforms that were packaged and sent to them. Now we can see this!
ZOL Zhongguancun online APP Multiple SQL injection (including 949 tables)
SQL Injection for APP security
Target: ZOL Zhongguancun online APP. Check that SQL Injection exists in the following places: (the session may have expired. Please obtain it
Pseudo static SQL injection (bypassing filtering) on a bus stop
URL: http://speed.tgbus.com/tgdb/car/202.shtml POC: http://speed.tgbus.com/tgdb/car/202 xor sleep(52.16.shtml because of
Introduction to privilege abuse attacks and defense
0x00 Introduction
Permission abuse is generally classified as a logic issue. It refers to cases where the server exposes too much or does not restrict permissions strictly enough. As a result, attackers can directly