Pages: 2/2 First page Previous page 1 2 Final page [ View by Articles | List ]

Web安全之攻防战争

  [晴 July 27, 2008 09:37 | by !4p47hy ]
来源:网络搜集整理

当前,来自Web的各种攻击已经成为全球安全领域最大的挑战,并且有愈演愈烈之势。目前的难点在于,很多Web威胁的思路已经有别于传统,隐蔽、牟利、产业化已经成为了此类威胁的特点。对广大企业用户来讲,Web威胁令人无法忽视,而相关防御技术的应用与保护也同样充满挑战。

MYSQL Injection IDS

  [多云 July 16, 2008 09:31 | by !4p47hy ]
出处:80sec
函数严格限制SQL文里出现

  ###########################################

百度的JS数据流注入型跨站

  [晴 July 13, 2008 22:02 | by !4p47hy ]
来源:0×37 Security

今天看到的百度贴吧XSS有属于这种类型的,不过仅在FF下有效,原因是在GBK字符集及其子集(或更高级的双字节字符集)编码环境下构造类似于包含%c1′这样的双字节字符串时,提交给服务端,返回。在这整个处理过程的任何一环节,FF都会单独处理这两个字节(%c1与’),而服务端却认为这是一个完整的双字节字符,这导致了单引号这样的特殊字符可以侥幸在FF下残留下来。IE不行,那是因为它也认为这两个字节构成了一个双字节字符。

HTTP Header Injection

  [雨 May 27, 2008 09:57 | by ]
Author : Psiczn
Website: www.psiczn.uni.cc
Contact: Psiczn@gmail.com
Note : If you are going to post this little paper in some site please put the source and the author, this paper have copyright.
Well I was looking my Blogspot and I saw something very bad, all the post sucks there is no a good one, so I make the decision to make a good one. First sorry if my English is not good I'm constantly practice. Ok let's start with this little paper,
Tags: , , ,

OBlog Sql Injection Vulnerability

  [晴 April 26, 2008 14:24 | by ]
官方已经修正该漏洞
#Author: Whytt & Tr4c3[at]126[dot]com
#版权所有:http://www.nspcn.org & [BK瞬间群] & Whytt
#漏洞文件tags.asp
#影响版本:
3.13-20060429 [access & mssql]

phpcms injection 0day

  [晴 March 9, 2008 12:42 | by ]
来源:鬼仔'Blog
影响版本:2007SP5 SP6
漏洞文件:/formguide/include/tag.func.php
Author:backerhack 小蟑螂
信息来源:零客网安 www.0kee.com

PHP ZLink 0.3 (go.php) Remote SQL Injection Exploit

  [多云 December 24, 2007 09:54 | by ]
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
Tags: , , , , ,

zBlog 1.2 Remote SQL Injection Vulnerability

  [阴 December 23, 2007 10:08 | by ]
#########################################################################
            zBlog v1.2  Remote SQL Injection Exploit
#########################################################################
Tags: , ,

WordPress Charset SQL Injection Vulnerability

  [雨 December 12, 2007 11:04 | by ]
Release date: 2007-12-10
Last modified: 2007-12-12
Source: Abel Cheung
Affected version: WordPress <= 2.3.1
Tags: , ,

Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection

  [多云 November 24, 2007 11:07 | by ]
Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection
Tags: , ,

一次简单的html injection导致的Gmail 0day

  [晴 November 7, 2007 11:13 | by ]
#From http://www.loveshell.net
#剑心
这个漏洞在国庆前就已经发现,后来国庆回来发现google改版了,这个漏洞就被google意外修复了,就没有发布漏洞细节,但是最近发现google再次改版就又改回来了,正好我上次提到html injection(http://www.loveshell.net/blog/blogview.asp?logID=246),而这个漏洞正好是个例子,于是就拿出来讨论下,顺便对html injection造成的影响也做下简单的介绍,看看这种Xss到底能做什么:)
Tags: , , ,
Pages: 2/2 First page Previous page 1 2 Final page [ View by Articles | List ]