欢迎信息安全界的朋友!黑站、挂马的勿扰!只做基础理论研究。交流IDS、IPS、buffer overflow、内核编程 、sniffer,技术共享!

                                                 
              .                 .    . . .                  
             .                        .        .            
         'BBNNNN                        .  .                
          N                      .       .     .            
         N                         .   .   .                
         N.  .                        .                     
        N  .   .                  .  N   .  NN              
        B   .                       NN.     NN              
       NN                  .  .     BN      NN              
       N .  . .           .      .  ND.     NN              
       N. .                ..  .    NN .    NN              
       N    ..                   .  NB      NN              
       N                 B. .       NN.     NN                    
       N  .               NN        NB .    NN              
       NNNBNNNN            B     .  N.      NN            
       N  .                        .N       NN              
 .     N                 .          N.      NN              
      .N   .            .   .    .  N  .  . BN  ..          
  ..  .B .   .     ..     .       . N       NN     .  .     
       N       NNN.  B.    .  .     N   NNNNNN NNN          
    .. N       N N  N  .NNNB    NNN.B. BN. NBN   B. B.      
      .B .   .   N NN . N N  . NB NBN .N    NN   N  N  .    
     .NN   .    N NN   .  B   .B .  N  N. . B    N.BN.      
  .   N         N N  .    NN   N  ..B. N .  N   .B NN       
      N         NN       NNN   N  NNN  N   NB   NNNN        
  . . B.        BN       NN  .  NNN NN NNNNNN. .NB N  .     
      N         N  . .              . . NN . N.  . N        
   .  N          .                        . .  .  .B   .    
    . D.        .    .      .    .     .      .    N.       
      N          .      .  '    .            .     N  .     
      N          .  .     .       .       .        N  .     
  .             .               .             .   NN .      
                                    . .           N   .     
                                  .        .   .  N .       
                                         .  .     N. ..     
                                    .     .      NN    .    
                                .     . .    NNBNB. '       
                                 . .  BNBNNNNN         .    
                                . .   . . .           .     
                                 .    .      .                                                                                                                

预览模式: 普通 | 列表

与时俱进--解读09年新刑法修正案

一、背景

十一届全国人大常委会,第七次会议 2月28日上午,十一届全国人大常委会第七次会议在北京人民大会堂举行闭幕会,以161票赞成、4票弃权表决通过《中华人民共和国刑法修正案(七)》。

查看更多...

分类:水谭 | 固定链接 | 评论: 0 | 引用: 0 | 查看次数: 4134

PDF攻击中运行Javascript

Microsoft IE CFunctionPointer函数内存破坏漏洞(MS09-002)
发布时间:2009-02-10
影响版本:
Microsoft Internet Explorer 7.0

查看更多...

分类:0day | 固定链接 | 评论: 3 | 引用: 0 | 查看次数: 37810

介绍几种国外的FUZZ


Gfuzz

Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using CORE Grasp) with grammar-based analysis. This allows to perform fuzzing tests and accurately detect attacks feeding the grammar analyzer with the executed SQL queries (on the server side) together with security taint marks for each query.

查看更多...

分类:漏洞挖掘 | 固定链接 | 评论: 62 | 引用: 0 | 查看次数: 12842

Command execution with a MySQL UDF

Modern database management systems are powerful applications: they provide several instruments to interact with the underlying operating system.

On MySQL it is possible to create a User-Defined Function to execute commands on the underlying operating system. Marco Ivaldi demonstrated that some years ago. His raptor_udf2.c works well, but it has two limitations:

It is not MySQL 5.0+ compliant because it does not follow the new guidelines to create a proper UDF.

查看更多...

分类:漏洞公告 | 固定链接 | 评论: 28 | 引用: 0 | 查看次数: 9276

完美时空的网站有漏洞

大过年的,完美时空的网站有漏洞,麻烦敬业地解决下!

问题出在:
http://event11.wanmei.com/zhuxian/zxhitegg/index.jsp

查看更多...

分类:水谭 | 固定链接 | 评论: 4 | 引用: 0 | 查看次数: 4713

2009微软的第一个PATCH

http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx

SMB Buffer Overflow Remote Code Execution Vulnerability - CVE-2008-4834

An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system. Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible.

查看更多...

分类:水谭 | 固定链接 | 评论: 29 | 引用: 0 | 查看次数: 5038

我国安全研究界水平或将倒退10年

刑法修正案(七)草案增加规定:

“违反国家规定,侵入前款规定以外的其他计算机信息系统,获取计算机信息系统中存储、处理或者传输的数据,或者对计算机信息系统实施非法控制,情节严重的,处三年以下有期徒刑或者拘役,并处或者单处罚金;情节特别严重的,处三年以上七年以下有期徒刑,并处罚金.

提供专门用于侵入、非法控制计算机信息系统的程序、工具,或者明知他人实施侵入、非法控制计算机信息系统违法犯罪行为而为其提供程序、工具,情节严重的,依照前款规定处罚.”

查看更多...

分类:水谭 | 固定链接 | 评论: 5 | 引用: 0 | 查看次数: 4475