Cloud Security

. NET Remote Code Execution (MS14-026/CVE-2014-1806) Today, I saw pig in the safekey group saying that I have been paying attention to A. NET remote code execution vulnerability for a long time. So I immediately went to exploit-db and found

Analysis of cve-2014-0569 vulnerability Exploitation0 × 00 Vulnerability description from CVE: Test environment: Win7 SP1 + Flash ActiveX 15.0.0.167  0 × 01 vulnerability exploitation Analysis Before introducing critical vulnerability code, let's

LRPC Buffer Overflow The LPC client connects to the server through NtConnectPort. The server returns the maximum message length, but RPCRT4! LRPC_CASSOCIATION: The NULL parameter used to call NtConnectPort in OpenLpcPort. Rpcrt4! LRPC_CASSOCIATION:

Windows Remote Desktop IP address Control Access Permissions 1,Working Group Environment In the working group environment, because there is no Group Policy Service, you only need to open "console", add "Group Policy object Editor", and set "group

The Xiaomi chat APP has the UXSS vulnerability.   Test the URL of UXSS: Save as sop. php and put it in my wamp environment. The test url is http: // 192.168.59.135/xdcms/sop. php.   Open link:    Solution: Enhanced

SET the SET bit permission in Linux Although ACL increases the flexibility of permission settings, only the read, write, and execute permissions can be set in Linux. In some special cases, this may not meet the requirements. Therefore, some special

Baidu guard Local Denial of Service This vulnerability is used to construct the botnet Baidu guard process, so that users cannot use all functions of Baidu guard. After baiduan.exe is created, the program logic suspends. No matter you click the

Configure the access control list ACL in Linux In Linux, the traditional permission setting method is simple. There are only three identities and three permissions. You can use commands such as chmod and chown to set the permissions or owner of a

An old vulnerability NtUserQueryUserCounters found NtUserQueryUserCounters () is currently only supported by win2k and winxp, and there is an overflow. However, winxp has been patched. I do not know if the last version of win2k has been patched, but

IE: Kill remote command execution poc open notepad and calculator for you, IE Only ~  

Production Environment CentOS Server System Security ConfigurationChapter 1 account security and permissions 1. Disable super users other than root 1. Check Method: Cat/etc/passwd: view the password file in the following format: Login_name: password:

Wordpress 3.0-3.9.2 XSS Getshell Payload (you can use the current Getshell template or all plug-in templates) If it is used in practice, remember to send the line "console. lnfo...Password: HackLeLeThis getshell js has the functions of the current

Best 10 methods for implementing URL filtering URL filtering is a filter that allows or prevents users from accessing a specific website. This method has become a basic method on the enterprise network. Its goal is to prevent employees from

You can log on to any user account due to improper design of the authentication mechanism. You can log on to any user account due to improper design of the authentication mechanism. Determine that the cookie used for logon is MMUSS, in the format

1 + 1 large online games in China are severely unauthorized, and all of their financial and user privacy services are in a hurry. 1 + 1 large online games in China are severely unauthorized, and all of their financial and user privacy services are

A well-known food group's SQL injection causes server breakdown and repair solutions SQL Injection by a well-known food group causes server breakdown"Can you give me a kiss ......" What kind of advertisement is this? Obtain shell through web SQL

U-mail arbitrary user adding Vulnerability (No Logon required)   This vulnerability allows you to add an email user immediately. You can use it with other unknown 0-day emails to get the getshellAs long as you log on to the email server, it is very

Phpshe SQL Injection Default Configuration verification Bypass /Include/plugin/payway/ebank/Receive. phpEbank_md5 is empty by default. You can generate a sign to bypass it. Include ('.. /.. /.. /.. /common. php '); $ cache_payway = cache: get

Jiangnan keyou bastion host full-version code execution + SQL injection (No Logon required)   SQL Injection:/System/download_cert.php? Manager = 1 & user_id = 2 & cert_psw = 11 user_id ParameterSqlmap-u "https://12XX.XXXX.

Coremail mobile storage XSS Vulnerability An XSS vulnerability was discovered after a brain hole was opened. Our school's internal mailbox is coremail.After logging in, set in the upper right corner-Modify Personal DataChange it to   Save. Send