来源:milw0rm
=============================================
vBulletin Google Site Map Creator (base) Remote File Include Vulnerability
=============================================
Found by : Host4vb.com & Cold z3ro
Contact : [email protected] , [email protected]
Homepage : Host4vb.com , Hack-Teach.Org
=============================================
阅读全文 »
鬼仔注:XAMPP(Apache+MySQL+PHP+PERL)是一个功能强大的建站集成软件包。我见过有不少站为了省事直接用这个做,我以前测试东西也用这个搭建过环境。影响的版本挺多:
XAMPP Apache Distribution 1.4.14
XAMPP Apache Distribution 1.4.13
XAMPP Apache Distribution 1.4.12
XAMPP Apache Distribution 1.4.11
XAMPP Apache Distribution 1.4.10 a
XAMPP Apache Distribution 1.4.10
XAMPP Apache Distribution 1.4.9
XAMPP Apache Distribution 1.4.8
阅读全文 »
鬼仔:我用的是 firefox 2.0 ,测试成功。
看了下源文件,只要你输入的文字里面的字符里面包含了C:\boot.ini之后就会触发(不需要连在一起,分散的就可以),
C:\boot.ini对应的一个数组 var needstr = [ 67, 59, 220, 66, 79, 79, 84, 190, 73, 78, 73 ];
这个是指定读取C:\boot.ini
你可以通过改下这个读取其他文件。
来源:幻影的邮件列表
There is an interesting logic flaw in Mozilla Firefox web browser.
The vulnerability allows the 阅读全文 »
Tags: Firefox, Vulnerability来源:Sebug.net
危害级别:★★★★★★
影响版本:
QQ2006 beta3 and previous versions
详细说明:
QQ is a very popular IM in China developed by Tencent.There exists a remote denial of service vulnerability in QQ when using the SuperVideo chat.Current study showed that the attacker who successfully exploited the vulnerability would cause the remote client crash.
阅读全文 »
neeao那里看到的
Adivisory Name : Hotmail and Windows Live Mail XSS Vulnerabilities
Release Date : 2006.11.03
Test On : Microsoft IE 6.0
Discover : Cheng Peng Su(applesoup_at_gmail.com)
Introduction:
Hotmail and Windows Live Mail are both web-based e-mail services by Microsoft.
Details:
Hotmail's filter identifies "expression()" syntax in a CSS attribute. According to Hasegawa Yosuke's post(http:// 阅读全文 »
Tags: Hotmail, Vulnerability, XSS作者:superhei
信息来源:5up3rh3i'blog
getip()过滤不严导致sql/xss等攻击。
sablog\include\common.php
阅读全文 »
