Posts from November 2009
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
=============================================
– Release date: November 11th, 2009
– Discovered by: Dawid Golunski
– Severity: Moderately High
=============================================
I. VULNERABILITY
————————-
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Read the full article »
Renegotiating TLS Attack
# 鬼仔: a combined post, with a part written by 云舒, a part written by Sowhat, and a POC at the end.
Author: 云舒
Abstract: Sowhat introduced today a new attack from abroad against TLS/SSL 3.0. Not many people seem to be paying attention to it, so I took a closer look at the PDF and will gossip about it a little.
The attack is very clever. It mainly exploits the TLS/SSL 3.0 cipher-renegotiation mechanism together with the key/value structure of HTTP request headers, combining data sent in separate pieces into the request the attacker wants; judged by its effect it is somewhat similar to a CSRF attack. The main steps are as follows:
Read the full article »
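The splice described in the excerpt above, as an added illustration that is not part of the original post or its POC. It models only the application-data view: after a renegotiation the server's HTTP parser reads the attacker's partial request and the victim's request as one stream. Nothing here performs real TLS; the two requests, the host name and the `X-Ignore-This` header are constructed sample data.

```python
"""
Added example: how a TLS renegotiation lets an attacker's prefix and a
victim's request merge into one HTTP request on the server.

The attacker's prefix deliberately ends with an unterminated header, so the
victim's request line is swallowed as that header's value while the victim's
Cookie header still applies to the attacker's request line.
"""


def splice_requests(attacker_prefix: bytes, victim_request: bytes) -> bytes:
    """What the server's HTTP layer reads: attacker bytes sent before the
    renegotiation, followed by victim bytes sent after it."""
    return attacker_prefix + victim_request


def parse_http_request(raw: bytes):
    """Minimal HTTP/1.x parser: returns (request_line, headers) where header
    names are lower-cased. A later duplicate header overwrites an earlier one."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode().lower()] = value.strip().decode()
    return request_line, headers


# Constructed sample data (hypothetical host and paths).
# The attacker omits Host: because the victim's request will supply it.
ATTACKER_PREFIX = (
    b"POST /admin/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"X-Ignore-This: "
)

VICTIM_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)


def demo():
    """Returns the request line and headers the server ends up acting on."""
    raw = splice_requests(ATTACKER_PREFIX, VICTIM_REQUEST)
    return parse_http_request(raw)


if __name__ == "__main__":
    request_line, headers = demo()
    print(request_line)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The output shows the attacker's `POST /admin/transfer` line carrying the victim's `Cookie`, while `GET /account HTTP/1.1` survives only as the value of the ignored header; this is why the effect resembles CSRF. The server-side fix is to stop treating data from before and after a renegotiation as one continuous stream (secure renegotiation, RFC 5746) or to disable client-initiated renegotiation.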
milw0rm's webmaster died, then came back at full health
# update (2009.11.5): str0ke has come back at full health. Here it is:
I’m not dead yet, just being trolled.
========================================
milw0rm's webmaster str0ke has passed away, from heart disease. Rest in peace...
The original is here: http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html
Tags: milw0rm, str0ke
Many of us have wondered where str0ke has been and why milw0rm has not been updated in a good while. I recently was informed that str0ke has been hospitalized due to a strange condition with his heart, which he has had since he was a child.
Sadly….
I’ve just received information that str0ke @ milw0rm has passed away due to cardiac arrest early this morning at 9:23 AM. We @ blacksecurity are deeply saddened by the loss of a good hearted friend.
We wish nothing but blessing to his wife and 4 children.
RIP str0ke 1974-04-29 – 2009-11-03 09:23
:o(
Flash Application Security Specification
Author:jianxin [80sec]
EMail: jianxin#80sec.com
Site: http://www.80sec.com
Date: 2009-07-25
From: http://www.80sec.com/release/flash-security.txt
[ Contents ]
0x00 Preface
0x01 Secure server-side Flash security policy
0x02 Secure client-side Flash security specification
0x03 Flash security checklist
Read the full article »