#############################################################
# Application Name : İnternet Explorer 7 # Vulnerable Type : Clickjacking # Author : UzmiX ############################################################# < ------------------- header data end of ------------------- > <html> <body> <div id="open" 阅读全文 »Tags: Clickjacking, IE7, Vulnerability
Trace注:tarasco出的http扫描软件,这次发行的版本带了fscan_gui。
Introduction
We have been developing Fast HTTP Vulnerability Scanner as an alternative for reviewing http devices over the network. This tool is able to check the security of your routers by identifying the login entry point and checking more than 160 default passwords.
Make pentests easier with this multhreading scanner and get nice html reports.
阅读全文 »
by Ryat[puretot]
mail: puretot at gmail dot com
team: http://www.80vul.com
date: 2008-12-18
一分析:
这个漏洞出在后台:(
阅读全文 »
# 鬼仔:编译好的 ms08067.rar
Author: Polymorphours
Email: [email protected]
Homepage:http://www.whitecell.org
Date: 2008-10-28
#include "stdafx.h"
#include <winsock2.h>
#include <Rpc.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib, "mpr")
#pragma comment(lib, "Rpcrt4")
#pragma comment(lib, "ws2_32")
阅读全文 »Serv-U 7.2.0.1 Remote FTP File Replacement Vulnerability (auth)
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
阅读全文 »
Serv-U 7.2.0.1 (stou con:1) Denial of Service Vulnerability (auth)
#Serv-U 7.2.0.1 ftp server DoS
#user must have upload permissions
#
#(x) dmnt 2008-10-01
阅读全文 »
php use create_function function to CREATE an anonymous function like below(stolen from php_manual):
————————————————–
Description
string create_function ( string args, string code )
Creates an anonymous function from the parameters passed, and returns a unique name for it. Usually the args will be passed as a single quote delimited string, and this is also recommended for the code. The reason for using single quoted strings, is to protect the variable names from parsing, otherwise, if you use double quotes there will be a need to escape the variable names, e.g. \$avar.
阅读全文 »
Mysql charset Truncation vulnerability
By http://www.80sec.com/
We found that there is a interesting feature in mysql database,when you are using utf8,gbk or other charsets.This feature may make your application unsecure.
Stefen Esser shows some attack manners of mysql in his paper[1], in which he issues the SQL Column Truncation vulnerability.
The application is a forum where new users can register
The administrator’s name is known e.g. ‘admin’
MySQL is used in the default mode
There is no application restriction on the length of new user names
The database column username is limited to 16 characters
阅读全文 »
