Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers

Introduction

Today the majority of wired Internet connections are used with an embedded NAT router, which allows several devices to use the same Internet connection in parallel and also provides some protection against incoming attacks from the Internet.

Golismero Usage Instructions [Chinese-English Bilingual]

usage: golismero.py [-h] [-f FILE] [--config FILE] [-p NAME] [--ui-mode MODE]
                    [-v] [-q] [--color] [--no-color] [--audit-name NAME]
                    [-db DATABASE] [-nd] [-i FILENAME] [-ni] [-o FILENAME]
                    [-no] [--full] [--brief]
                    [--max-connections MAX_CONNECTIONS] [--allow-subdomains]
                    [--forbid-subdomains] [-r DEPTH] [-l MAX_LINKS]
                    [--follow-redirects] [--no-follow-redirects]
                    [--follow-first] [--no-follow-first] [-pu USER]
                    [-pp PASS] [-pa ADDRESS:PORT] [--cookie COOKIE]
                    [--cookie-file FILE] [--persistent-cache]
                    [--volatile-cache] [-a PLUGIN:KEY=VALUE] [-e PLUGIN]
                    [-d PLUGIN] [--max-concurrent N] [--plugins-folder PATH]
                    COMMAND [TARGET [TARGET ...]]

available commands: available

Zabbix Authenticated Remote Command Execution, Zabbix remote command execution

Zabbix remote command execution. Mom says I'll never have to worry about running out of wb again http://www.wooyun.org/searchbug.php?q=Zabbix+ Let's rack them up, haha

#
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info={})
    super(update_info(info,
      'Name'        => 'Zabbix Authenticated Remote Command Execution',
      'Description' => %q{
        ZABBIX allows an administrator to create scripts