Cloud Security

Firefox 31 ~ 34 Remote Command Execution Vulnerability Analysis 0x00 PrefaceSome time ago, the second brother promoted the scripting vulnerability to remote command execution in many browsers, almost all domestic browsers on the market, which has

Vulnerability: CVE-2015-0932 ANTLabs is a very popular gateway device. It is usually installed in hotels, conference centers, and other places to provide WIFI services for guests. It is usually bound to a room for billing. If you have used it in a

Threat warning: a large number of ubnt devices are implanted with BackdoorsThis article describes in detail the entire process of discovering a hacker attack, analyzing intrusions, attacking a hacker server, obtaining permissions, and collecting

Discussion on recovery from accidental deletion of SD card files on USB flash drives Today, I deleted a file from the USB flash drive by mistake. I tried to fix it by using the repair software and found that the recovered file was empty. When I

Eight security settings to ensure the security of Apache Web Servers Apache server is an open-source WEB Server supported by the Apache Software Foundation, a non-profit organization. Many of our virtual hosts and VPS use the Apache server

SSL/TLS Suffers 'bar Mitzvah attack' Vulnerability Detection Method and repair suggestions 0x01 PrefaceOnce again, SSL is difficult for everyone due to the Bar Mitzvah Attack Vulnerability.At the Black Hat Asia security conference held in Singapore,

Defend against attacks 0 × 01. Preface I am a cainiao security engineer. I had the honor to have participated in two security competitions, and some people had some personal experience, so I had this article.‍‍‍‍0 × 02. What will attackers do?‍‍‍‍ I

Commonly used iptables scripts #! /Bin/bashexport PATH =/sbin:/usr/sbin:/bin:/usr/biniptables-Fiptables-Xiptables-Z # remote SSH Login, we need to enable port 22 iptables-a input-p tcp -- dport 22-j ACCEPT # WEB server, enable port 80 iptables-a

Anti-Virus Software successfully killed itself as a virus It's not uncommon for different anti-virus software to conflict with each other and intercept each other. But have you ever seen anything about killing yourself? Panda Security, a

PeCloak. py-a kill-free trial process Before starting the experiment, we must first explain that this is not a real experiment.The premise of this experiment is also very simple: AV detection and removal relies heavily on file features, and

What methods can we use to identify fake scam emails? Today, there are more and more frauds and we have to watch out for them all the time. Today, we will teach you how to identify fake scam emails. The details are as follows: Foxmail outlook or

Crawler Technology Practice In the previous article, crawler Technology Analysis (http://www.bkjia.com/Article/201411/353078.html) introduced the basic technology of crawler, and shared a dynamic crawler demo. This article mainly describes the

Hubei Agricultural Machinery Safety Supervision promotion information network stored XSS + SQL injection (Cookies already exist) Hubei Agricultural Machinery Safety Supervision promotion information network stored XSS + SQL injection (Cookies

MOOC web IOS client SQL injection (with script) When you click a course on the iOS client, the post request is as follows: POST/api2/getmediainfo_ver2 HTTP/1.1 Host: www. imooc. comProxy-Connection: keep-aliveAccept: */* Accept-Encoding: gzip,

A wonderful file upload on ZTE bypasses GetShell After a long time, I finally uploaded it. Come to the homepage ~ http://www.appstar.com.cn On the ZTE application star website, we saw a Common File Upload Bypass Vulnerability. Next let's take a look

Web attack log analysis guide This is often the case: web applications face suspicious activities for different reasons, such as a child using an automated vulnerability scanner to scan a web site or a guy trying to perform fuzzy testing (fuzz) A

Oecms storage type xss The file access is not verified, and one of the parameters is escaped at the end. After reading a lot of websites using oecms, the xss is also convenient to use and directly post data, the front-end is directly triggered, and

If an officially purchased interface is improperly designed, You can parallel unauthorized modification of others' information and orders. 1. Download an official APP, view your shopping cart, modify the uid in the burp, and perform brute-force

B2Bbuilder latest SQL injection (DEMO) B2Bbuilder latest SQL injection (DEMO) The following code exists in module/buy/detail. php: query ('select valid_time from '. BUY. 'Where id = '. $ id. 'limit 1'); $ valid_time = $ db-> fetchField ('valid _

Out_of_Order Retransmission of Wireshark Today, we captured packets with WireShark and found the following two problems: TCP Out_of_Order and TCP Retransmission. Cause Analysis of TCP Out_of_Order: Most of them are network congestion,