WeChat built-in browser cross-origin Script Execution Vulnerability

The built-in browser imposes no strict restrictions on script execution, resulting in cross-origin script execution. Tested using Android 4.0.3

Baidu Browser Remote Command Execution 3 and Solution

When the browser is updated, it is updated to the latest version (6.5.0.50449). After reading this article, a certain API has made some restrictions, but after studying it, I found that the

An improper configuration of a financial asset exchange allows Intranet roaming

Beijing Financial Assets Exchange System of http://rzt.cfae.cn/Ox BHttp://rzt.cfae.cn/jmx-console/ jboss not much said Direct deployment of war HorseShell

Improper O & M during multiple games, leading to leakage of core information, 1% of hazards

At present, the common problem of almost all enterprises is that the front-end is solid as the background bean curd. About 300 core servers, but almost all

The background address is leaked due to a design defect in zhimeng.

A design defect occurs. The program does not strictly filter some items, leading to backend address leakage. It only tests 5.7. Other Visual versions also have problems.

How to Protect WordPress security? (1)

Recently I read "Protecting WordPress Installations in an IaaS Environment" by infosec and decided to reinforce the security of the streaking WordPress. WordPress is the first choice for building a personal

Discuz! X xss rebound background no defense SQL Injection getshell

Discuz! X XSS rebounded without defense against SQL Injection getshell in the background. Here, XSS is just a reference, because XSS comes from the log function, but this log

Select 10 features that should be paid attention to in the Web application scan Solution

The Web application scanner communicates with Web applications through the Web Front-end. It can automatically check Web applications, detect and analyze their

How to build a reliable WAF

Previously I wrote a WAF Defense Capability Evaluation and tool, which is taken into consideration from the perspective of security O&M personnel choosing WAF products (prior to the test is considered as an

Qibocms local portal system injection (similar in multiple places, demo test)

Many similar methods can be used to find a place. Register a member first. In dianping/post.php: if ($action = "postnew") { if ($webdb[ForbidPostMore]) { if ($db->

Dudubao has two Command Execution Vulnerabilities (getshell can be used) in a system

To prove this, getshell does not download any data and delete any files. The "dudubao city public

Dress assistant XSS vulnerability successfully wins background (affects more than 2200 million users)

A feedback is submitted through the mobile APP and successfully enters the background. Official Website. Cookies are stolen through XSS.

Multiple vulnerability combinations in server guard CMS (20141027) can cause all data leakage + getshell and Solutions

74cms_v3.5.20.20151127.zip unlimited SQL injection just got 74cms_v3.5.20.20151127.zip, and diff found the following changes: diff -

Password Reset Vulnerability for any user on qihong Network

Qihong net is an official website of the Securities Market weekly market journal. Founded in 1992, qihong net is China's first-class financial information provider and a leading financial

What should I do if the Shell cannot rebound?

In the penetration test process, how did you deal with the failure of shell rebound? Generally, web servers are placed in DMZ, which causes data to be inaccessible only. If no data exists, the shell

A sub-station in the competitive world commands getshell

In earlier versions of discuz, the request array after php 5.3 does not contain $_COOKIE, leading to variable overwrite, resulting

SQL Injection exists in the web Console of a ZTE Product

ZXV10 MS90 video conferencing Management System, which provides unified video conferencing business and equipment management solutions, integrates user management, conference management,

SQL Injection caused by leakage of CMS

Leakage of CMS, causing serious problems. Character leakage after cookie encryption. Other fields can be replaced, resulting in SQL and other serious vulnerabilities. File: C:\WWW\cscms_v3.5_utf8\app\

Discuz! HTTP host Header attacks in multiple versions

http://www.bkjia.com/Article/201404/292132.html Discuz! X3.2 is an example. Take http://bbs.locojoy.com/ as an example: 1. its ip address is 115.29.162.113 2. Add entries to hosts 115.29.162.1

Youyax latest version (V5.85) injects one

View File /Lib/BidAction.php, lines 13-35: public function accept() { $id = getparam("id"); $id2 = getparam("id2"); $reply = $this->find(C('db_prefix') . "reply", "string", "id2 = '" . $id2.
