来源:alert7 blog
以前在焦点BLOG上写的小东西
软件的bug有多种多样,在我看来,只要是违反软件意图的行为都可以视为bug,当然bug的严重性也分三六九等,有直接crash的,有内存泄漏的,有功能性的,有逻辑性的,有界面显示问题的……
vulnerability中文翻译为弱点,一般人所说的漏洞.
那些能引起弱点(vulnerability)的bug,我们称软件有该bug的vulnerability.
那么,何为能引起弱点(vulnerability)的bug??
这里是指能利用(exploit)这个bug,可以做一些危害系统.危害系统的使用者的这么一些bug.例如权限提升,CSS拿别人的cookie进别人的邮件系统,sql注入改数据库等等.
阅读全文 »
Tags: Bug,
Vulnerability
secdrv local exp
winxp cn sp2, win2k3 cn sp1 测试通过
之前的版本只能xp下用,这个2k3也可以了,其实前段时间朋友给过我一个这个漏洞的1day,但是朋友的东西不能乱发,这次是自己写的,发出来大家恶心一下。
http://www.blogjava.net/Files/baicker/secdrv_local_exp.rar
by 009
http://www.blogjava.net/baicker
Tags: Exploit,
Vulnerability,
Windows
之前的反弹sc有问题,请重新下载测试(071218)
http://www.blogjava.net/Files/baicker/Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability for xp 2k3.rar
(怪不得有人说成功有人说不行,不过有人说根本没有sc,我不知道为什么了,我发的只是sc错了,不是没有sc)
by 009
http://www.blogjava.net/baicker
Tags: Vulnerability
Win2k3_CN SP1 msjet40.dll ver 4.0.9025.0 测试成功
WinXP_CN SP2 msjet40.dll ver 4.0.8618.0 测试成功
http://www.blogjava.net/Files/baicker/Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability for xp 2k3.rar
————————————————————
by 009
http://www.blogjava.net/baicker
Tags: MDB,
Vulnerability
小改了一下代码,这下好用了
WinXP_CN SP2测试通过
Win2k3测试蓝屏,注意保存文件哦
http://www.blogjava.net/Files/baicker/localPrivilege.rar
————————————–
by 009
http://www.blogjava.net/baicker
Tags: Exploit,
Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A remote code execute vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploit this vulnerability can execute arbitrary code on the affected system.
Affected Software Versions:
Microsoft Office Access 2003 sp3 on Windows XP SP2(chinese)
阅读全文 »
Tags: MDB,
Vulnerability
鬼仔注:不过axis说这个漏洞有忽悠人的嫌疑,看 这里 。
来源:iDefense Labs
I. BACKGROUND
RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. HelixPlayer is the open source version of RealPlayer. More information can be found at the URLs shown below.
http://www.real.com/realplayer.html
阅读全文 »
Tags: RealPlayer,
Vulnerability
鬼仔注:幻影出的
来源:milw0rm
Vuln Exposed by: ZhenHan.Liu
Team: Ph4nt0m Security Team
http://www.ph4nt0m.org
Tested on: Full Patched Excel 2003 Sp2, CN
http://www.milw0rm.com/sploits/06272007-2670.zip
Tags: Excel,
Exploit,
PoC,
Vulnerability