ha.ckers.org上发出来的,原地址:http://ha.ckers.org/slowloris/
http://ha.ckers.org/blog/20090617/slowloris-http-dos/
下载地址:slowloris.pl
Getting started: perldoc slowloris.pl
milw0rm上的地址
Multiple HTTP Server Low Bandwidth Denial of Service (slowloris.pl):
http://milw0rm.com/exploits/8976
阅读全文 »
<%@ page import="java.util.*,java.io.*"%>
<%
%>
<%--
abysssec inc public material
just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
阅读全文 »作者:Safe3
呵呵,Apache Tomcat出了一个类似当年IIS url 编码的漏洞。既然CVE已经已经公布了,我也来发一下吧!
漏洞发生在Apache Tomcat处理UTF-8编码时,没有正确转换,从而导致在处理包含%c0%ae%c0%ae的url时转换为类似../的形式,使得可以遍历系统任意文件,包括
/etc/passwd等
触发的条件为Apache Tomcat的配置文件context.xml 或 server.xml 的’allowLinking’ 和 ‘URIencoding’ 允许’UTF-8’选项
漏洞测试代码如下: 阅读全文 »
Tags: Apache, Tomcat