Tag:Loophole
-
Time:2021-6-8
Cross-site request forgery (CSRF) In this section, we’ll explain what cross site request forgery is and describe some common featuresCSRFVulnerability examples, and how to defendCSRFAttack. What is CSRF Cross Site Request Forgery(CSRF)Is a web security vulnerability that allows attackers to trick users into performing operations they don’t want to perform. AttackersCSRFIt can partly avoid the […]
-
Time:2021-5-14
Haobor2.2.1 configuration (trivy scanner, image signature) Docker compose Download https://github.com/docker/compose/releases install cp docker-compose /usr/local/bin chmod +x /usr/local/bin/docker-compose Harbor Download https://github.com/goharbor/harbor/releases decompression tar xf xxx.tgx Configure harbor Create under the root: MKDIR / data cd harbor/ mkdir certs cd certs/ Generate certificate and private key openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout registry.key […]
-
Time:2021-5-11
Container has become very popular in recent years. When we talk about container, we have to mention image. If container is one of the core contents of cloud computing era, image is the soul of container. So the security of the image is particularly important.But from the following data, we can see that the security […]
-
Time:2021-5-3
Problem description SSL / TLS protocol information disclosure vulnerability (cve-2016-2183) TLS is a secure transport layer protocol used to provide confidentiality and data integrity between two communication applications.DES and triple des passwords used in TLS, SSH, IPSec negotiation and other products have a birthday boundary of about 4 billion blocks, which enables remote attackers to […]
-
Time:2021-4-29
The data stack is a cloud native one-stop data platform PAAS. We have an interesting open source project on GitHub and gitee: flinkx. Remember to give us a star! star! star! Gitee open source project:https://gitee.com/dtstack_dev… GitHub open source project:https://github.com/DTStack/fl… Flinkx is a Flink based batch flow unified data synchronization tool, which can collect both static […]
-
Time:2021-4-28
preface Recently, the company has provided a list of high-risk vulnerabilities in the application, includingfastjsonAnd Jackson, because I have known about the deserialization problem caused by polymorphism in fastjson before, so I plan to do a simple analysis. Vulnerability Brief On August 27, 2020, 360cert monitoring found that Jackson databind released the risk notice of […]
-
Time:2021-4-3
A few days ago, Tencent Royal Threat Intelligence Center reported an invasion case of h2miner Gang using saltstack vulnerability to control server mining. It is reported that Tencent Security Threat Intelligence Center detected h2miner Trojan horse using saltstack remote command execution vulnerability (cve-2020-11651, cve-2020-11652) to invade enterprise host for mining on May 3, 2020. Through […]
-
Time:2021-4-2
Please go to the end of the article to add wechat Editor’s note: This week, we will learn about new research on web assembly from academia. They ask: is webassembly secure enough? The answer may surprise you! We see more about the adoption of webassembly in the back end system. Also this week, rust is […]
-
Time:2021-3-30
Server-side template injection In this section, we will introduce what is server-side template injection, outline the basic methods to exploit this vulnerability, and also provide some suggestions to avoid this vulnerability. What is server side template injection Server side template injection means that the attacker can inject malicious load into the template by using the […]
-
Time:2021-3-26
Introduction of Windows operating system version 1. Micorsoft Windows XP ·Microsoft official release time and service termination time: 2001.10.25-2014.4.8 vulnerability: ms08-067 (remote code execution), ms12-020 (Remote Desktop), ms17-010 (Eternal Blue blackmail virus), cve-2019-0708 (Remote Desktop) · learn more:https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490858(v=technet.10) 2. Micorsoft Windows Win7 ·Microsoft official release time and service termination time: 2009.10.22-2020.1.14 features: power shell ·Learn more: […]
-
Time:2021-3-19
Introduction and analysis of windows high risk vulnerabilities over the years 1、 Vulnerability introduction: 1. Vulnerability: <1> Vulnerability: an important factor affecting network security; <2> . vulnerability exploitation: become the most common means of malicious attacks; <3> Vulnerability attack: industrialization, low cost, means diversification, low threshold trend; <4> Information age: both individuals and enterprises are […]
-
Time:2021-3-11
Log analysis of nginx and JBoss 1、 Analyzing nginx logs using e.l.k security 1. Introduction to nginx log: Nginx is a high-performance, lightweight web, reverse proxy and e-mail proxy server, which is the second most visited by Russia Rambler.ru Site development; NGX, for short, is widely used in high concurrency application systems because of its […]
