来源:往事如风
安装程序名:2009_02_11_01_webvulnscan6.exe
下载地址:http://www.namipan.com/d/2009_02_11_01_webvulnscan6.exe/5f4dcd983232913075c1bdbcff8abf508562116190c0db00
或
http://www.acunetix.com/download/fullverv6/2009_02_11_01_webvulnscan6.exe(需要用户名密码,旧版程序里有。)
Patch:web.vulnerability.scanner.6.0.0.3013-patch.rar
使用方式:复制到安装目录后执行。
Tags: Acunetix Web Vulnerability Scanner, AWVS来源:WEB安全手册
sql_2005_inj 0.2 Final Code By kook1991 [Sql 2005 Injector Updated by kook E-Mail:[email protected]]
[1] What’s Sql 2005 Injector?
http://www.pcsec.org/archives/sql-2005-inj-gui.html Updated
[2]What’s it can do?
It’s used to Sql injection MSSQL 2005 & 2008.
[3]What is its working theory?
阅读全文 »
RainbowCrack 1.3 is released, with following new features:
A proof of concept implementation of GPU accelerated RainbowCrack is also provided, with the use of CUDA technology.
作者:oldjun
这个漏洞可以很鸡肋,也可以很致命,关键看你怎么利用!
此漏洞存在于Example\NewsSystem目录下的delete.asp文件中,这是ewebeditor的测试页面,无须登陆可以直接进入,看这些代码:
阅读全文 »
信息来源:Trace
I’d like to announce the release of Webtunnel 0.0.2, available at http://sourceforge.net/projects/webtunnel.
Webtunnel 0.0.2
Copyright 2009 Janos Szatmary
E-mail: [email protected]
Web: http://webtunnel.sourceforge.net
WHAT’S NEW
阅读全文 »
# 鬼仔:前几天比较大的新闻了,PHPBB的数据库也被拿了下来。今天更新Blog想起来这篇还没发,估计不少朋友已经看过了。
It all started on Jan 14th when I was surfing milw0rm and came across this exploit: http://www.milw0rm.com/exploits/7778 I then remembered that phpbb.com was running PHPlist and went looking through my email to find the link to the script’s location. So I went to phpbb.com/lists and sure enough they were running a vulnerable version. Next I enabled my favorite program proxy program and tried http://www.phpbb.com/lists/admin/index.php?_SERVER%5bConfigFile%5d=../../../../../../etc/ passwd and sure enough it included the etc/passwd
阅读全文 »
