Summary:
php://filter/read=convert.base64-encode/resource=index.php
posted @ 2019-06-11 13:55
我超怕的
Views (1754)
Recommended (0)
Summary:
https://www.cnblogs.com/iAmSoScArEd/ Affected product: WampServer 3.1.4-3.1.8 Official description: "WampServer is a Windows web development environment.
posted @ 2019-06-11 12:42
我超怕的
Views (477)
Recommended (0)
Summary:
https://www.cnblogs.com/iAmSoScArEd/ SEC Consult Vulnerability Lab Security Advisory < 20190515-0 > title: Authorization Bypass product: RSA NetWitnes
posted @ 2019-06-10 11:42
我超怕的
Views (348)
Recommended (0)
Summary:
MacOS X GateKeeper Bypass OVERVIEW On MacOS X version <= 10.14.5 (at time of writing) it is possible to easily bypass Gatekeeper in order to execute untr
posted @ 2019-06-10 11:36
我超怕的
Views (418)
Recommended (0)
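Summary:
Problems like this are mostly PHP configuration issues. Modify the PHP configuration file: 1. In the php folder (version: php-7.2.7-Win32-VC15-x64) you will not see php.ini at first, only php.ini-development and php.ini-production. I have not carefully compared the differences between the two and simply used the first configuration to create php
posted @ 2019-06-10 10:44
我超怕的
Views (1904)
Recommended (0)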
Summary:
CVE-2019-11604 Quest KACE Systems Management Appliance CVE-2019-11604 Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD R
posted @ 2019-06-10 10:18
我超怕的
Views (396)
Recommended (0)
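Summary:
Native PHP Excel export: tested, with styling, no plugins, no garbled characters; no plugin needs to be included and no encoding needs to be changed. (To use it, just change the included PHP database configuration file and the data in thead and tbody, then receive and generate the data according to your own needs.) The code is as follows:
posted @ 2019-06-05 20:27
我超怕的
Views (693)
Recommended (0)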
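Summary:
https://www.cnblogs.com/iAmSoScArEd/ Time format notes: 1. Commonly used basic PHP time functions: date(): formats a timestamp into a more readable date and time; time(): gets the current Unix timestamp; strtotime(): converts a string representing a time and date into the corresponding timestamp; mktime(
posted @ 2019-05-19 01:11
我超怕的
Views (547)
Recommended (0)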
Summary:
$res=array(); $str="你好aaaaa啊"; preg_match_all("/[\x{4e00}-\x{9fa5}]+/u",$str,$res); var_dump($res); // Output: array(1) { [0]=> array(2) { [0]=> string(6) "你好" [1]=> string(3) "啊" } }
posted @ 2019-05-19 00:58
我超怕的
Views (7155)
Recommended (0)
Summary:
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-
posted @ 2019-05-08 11:09
我超怕的
Views (300)
Recommended (0)
Summary:
For the anniversary of the discovery of CVE-2018-2879 by Sec Consult (https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/)
posted @ 2019-05-08 11:07
我超怕的
Views (358)
Recommended (0)
Summary:
CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apa
posted @ 2019-05-08 11:05
我超怕的
Views (356)
Recommended (0)
Summary:
CVE-2019-0213: Apache Archiva Stored XSS Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Archiva 2.0.0 - 2.2.3 The unsuppor
posted @ 2019-05-08 11:04
我超怕的
Views (327)
Recommended (0)
Summary:
# Exploit Title: Contact Form Builder [CSRF → LFI] # Date: 2019-03-17 # Exploit Author: Panagiotis Vagenas # Vendor Homepage: http://web-dorado.com/ # Sof
posted @ 2019-04-29 08:39
我超怕的
Views (277)
Recommended (0)
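Summary:
This article is from https://www.cnblogs.com/iAmSoScArEd/p/10780242.html. Do not repost without permission! 1. MISC - Sign-in: After downloading the attachment, I saw that readme.txt says when opened that a camera will be involved. At first I threw it into WinHex and IDA and found nothing, so I chose to just run qiandao.exe directly, and when
posted @ 2019-04-27 20:43
我超怕的
Views (1815)
Recommended (1)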
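Summary:
1. DVWA: For a beginner, the first practice range you hear about is usually DVWA. It is simple to deploy: install the matching version of PAM (PHP-Apache-MySQL), do some simple configuration, and it is ready to use. 1. Vulnerabilities that can be tested on the DVWA range: Brute Force, Command Injection, Cross-Site Request Forgery (CSRF), File Inclusion
posted @ 2019-04-24 13:39
我超怕的
Views (8698)
Recommended (3)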
Summary:
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-
posted @ 2019-04-14 21:23
我超怕的
Views (373)
Recommended (0)
Summary:
CVE ID : CVE-2019-7727 JMX/RMI Nice ENGAGE <= 6.5 Remote Command Execution description NICE Engage is an interaction recording platform. The default c
posted @ 2019-04-10 16:39
我超怕的
Views (175)
Recommended (0)
Summary:
# Exploit Title: Contact Form by WD [CSRF → LFI] # Date: 2019-03-17 # Exploit Author: Panagiotis Vagenas # Vendor Homepage: http://web-dorado.com/ # Softw
posted @ 2019-04-10 16:19
我超怕的
Views (375)
Recommended (0)
Summary:
# Title: Form Maker by WD [CSRF → LFI] # Date: 2019-03-17 # Exploit Author: Panagiotis Vagenas # Vendor Homepage: http://web-dorado.com/ # Software Link:
posted @ 2019-04-10 16:13
我超怕的
Views (328)
Recommended (0)
Summary:
Debian Security Advisory DSA-4421-1 chromium security update Package : chromium CVE ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-20
posted @ 2019-04-10 13:49
我超怕的
Views (190)
Recommended (0)
Summary:
Package : twig CVE ID : CVE-2019-9942 Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could
posted @ 2019-04-10 13:26
我超怕的
Views (152)
Recommended (0)
Summary:
APPLE-SA-2019-3-27-1 watchOS 5.2 watchOS 5.2 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact:
posted @ 2019-04-10 13:21
我超怕的
Views (362)
Recommended (0)
Summary:
Descriptions of common web vulnerabilities and suggestions for fixing them - from: https://www.cnblogs.com/iAmSoScArEd/p/10651947.html - 我超怕的
posted @ 2019-04-03 22:15
我超怕的
Views (110703)
Recommended (43)
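Summary:
This record is only meant to provide a penetration-testing approach. From: 我超怕的 https://www.cnblogs.com/iAmSoScArEd/p/10624756.html. I. Information gathering phase 1. Use whatweb on Kali to collect the site's general framework. Port 80 turns out to be asp.net 4 and IIS 7.5, and the IP is obtained. 2. Accessing the IP returns
posted @ 2019-03-29 23:06
我超怕的
Views (740)
Recommended (1)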
Summary:
Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature o
posted @ 2019-03-27 19:38
我超怕的
Views (309)
Recommended (0)
Summary:
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exp
posted @ 2019-03-27 19:37
我超怕的
Views (342)
Recommended (0)
Summary:
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagno
posted @ 2019-03-27 19:37
我超怕的
Views (428)
Recommended (0)
Summary:
Advisory: Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting discovered that the shell function "getopt_simple", as presented i
posted @ 2019-03-27 19:36
我超怕的
Views (232)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and
posted @ 2019-03-26 22:02
我超怕的
Views (291)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows iTunes 12.9.4 for Windows is now available and addresses the following: CoreCrypto Available for: Windows 7
posted @ 2019-03-26 22:02
我超怕的
Views (331)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11 iCloud for Windows 7.11 is now available and addresses the following: CoreCrypto Available for: Windows 7 an
posted @ 2019-03-26 22:01
我超怕的
Views (342)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-4 Safari 12.1 Safari 12.1 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High
posted @ 2019-03-26 22:00
我超怕的
Views (357)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) I
posted @ 2019-03-26 21:59
我超怕的
Views (249)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2
posted @ 2019-03-26 21:58
我超怕的
Views (371)
Recommended (0)
Summary:
APPLE-SA-2019-3-25-7 Xcode 10.2 Xcode 10.2 is now available and addresses the following: Kernel Available for: macOS 10.13.6 or later Impact: An applicati
posted @ 2019-03-26 21:58
我超怕的
Views (203)
Recommended (0)
Summary:
Product: article2pdf (Wordpress plug-in) Product Website: https://wordpress.org/plugins/article2pdf/ Affected Versions: 0.24 and greater The following vu
posted @ 2019-03-26 21:55
我超怕的
Views (849)
Recommended (0)
Summary:
CVE-2019-9974: diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to infor
posted @ 2019-03-26 21:54
我超怕的
Views (275)
Recommended (0)
Summary:
https://www.cnblogs.com/iAmSoScArEd/ This problem refers to the advisory found at https://confluence.atlassian.com/display/DOC/Confluence+Security+Adv
posted @ 2019-03-26 20:16
我超怕的
Views (389)
Recommended (0)
Summary:
Debian Security Advisory DSA-4416-1 wireshark security update Package: wireshark CVE ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-201
posted @ 2019-03-26 13:33
我超怕的
Views (194)
Recommended (0)