Cloud Security

Enterprises such as servers, desktops, laptops, and mobile devices are facing more and more attacks. The consequences of these attacks become more and more serious. A small amount of data leakage may cause millions of dollars in losses. Therefore,

0x00 background In the past two days, a customer reported that his website often encountered a mysql 1040 error. His online users only had less than one thousand, and the mysql configuration was okay. The linode160 + knife was used for one month

Using GPG for encrypted communication is the safest way. Keep your private key safe and exchange it with your friends in person. RSA 4096, you deserve it. It is said that developers are writing ECDSA algorithms, which is becoming more and more

I believe many friends in the LAN are no stranger to ARP attacks. In our common Windows operating system, there are many arpfirewalls that can effectively block ARP attacks, but what should I do if I use a Linux system to prevent ARP attacks? To

Preface:The heartbleed vulnerability has pitted a wireless network. This time, it is used in a harsh way. The most common reason is the EAP-based Router, which is also used by many large companies. Original article addressBody:I have received a lot

In the last test, the technical support was spoofed, and the resolution was modified successfully. We may think DNSpod is safe, but it all relies on emails to identify authenticity, which brings us the advantage of forging emails.Three steps in

Author: Dong Qing, Wang Huan, Shi Haoran   Three months ago, we found a Trojan horse that has been lurking in the mobile phone for many years-the Elders Trojan (fakedebugadh), which was automatically started by replacing the system

To protect users' financial information and personal privacy, many mobile phones require users to enter their personal identification code, biometric information, or four passwords before using their mobile phones. But is this method really useful

Sina Weibo has a large number of applications, such as judge.sinaapp.com and qmatch.sinaapp.com, which are applications with a large number of Weibo users. The oau22.Take judge.sinaapp.com as an example.Sina authorization

Before 0x00 For how to detect XSS in Flash, everyone has their own methods, whether it is using automated tools (such as swfscan) or self-developed automation tools (decompile first, and then Audit The actionscript code) or manually audits the code.

This article mainly introduces the hazards of eval functions in php and the correct ways to disable them. For more information, see Php's eval function is not a system component function, so we cannot disable it by using disable_functions in php.

The Cross-Site Scripting filtering rules of the mail body are not complete, and thus the email body is bypassed. Test 1: result 1: minimize the test content and identify the root cause of the problem. Test 2: result 2: determine pseudo ": "The

The premise is that you must have the permission to manage the topic. Test version PHPCMS program version: Phpcms V9.5.6 Release 20140522 Process 1. Add a topic Topic name: test Topic banners:/1.jpg Thumbnail:/1.jpg Special guidance:

The default two accounts are reporter and the auditor password is nsfocus.Log in with a common account and change the password, User % 5 Baccount % 5D = admin & user % 5 Bname % 5D = Admin & user % 5 Bpassword % 5D = admin123 & user % 5Bpassword.

Traffic hijacking. After a period of silence on this old attack, it has recently started to stir up. Many well-known brands of routers have successively discovered security vulnerabilities, attracting domestic media reports. As long as the user does

Previous: http://www.bkjia.com/Article/201406/310931.html introduced the system, although can defend against simple inline XSS code, but want to bypass is still very easy. Because it is in front-end protection, policy configuration can be found in

Web substation SQL injection and sensitive information leakage an injection point... and a leakage of sensitive information ...,,,,Http://licaike.hexun.com/GjzDetail.action? ProdCode = 400008 & prodType = SThe prodCode has a problem.An error is

The injection file exists in index. php In the/fang/directory. Point 1: http://www.dayrui.net/fang/index.php Demonstration on the official demonstration site: http://www.dayrui.net/fang/index.php ? C = search & area = 2395 & catid = 1 & order =

It can be triggered without interaction. Attackers can bypass the filter function and call the administrator. Still rich-text XSS, completely bypassing the filter function and executing arbitrary XSS code. As we all know, phpcms supports

The rich text is still not processed, and the dsafe function is bypassed again. Various browsers are provided with payload (FF and IE1789 are directly triggered, and other browsers click to trigger )... I learned how to "zoom in hazards" before.