모의해킹 (WAPT)179 PHP Vulnerability Hunter All testing was performed on Windows XP and Vista using XAMPP. Each target application was installed, then a full scan was performed. Noteworthy log entries revealing exploitable faults are shown followed by the expoit proof of concepts and resulting advisories.Case Study 1: MODx Revolution 2.0.2-plReflected Cross-site Scripting Log EntryAlert Name: Reflected XSS GET /modx/manager/index.php?serv.. 2011. 11. 21. TimThumb vulnerability (WordPress plugins) Recently a new high risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is a “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.“ TimThumb is included in a lot of WordPress plugins and themes (free and paid). Exploiting this vulnerabilityan attacker can upload and excute a PHP file of hi.. 2011. 11. 11. Run POST Modules On All Sessions Jcran recently blogged about an easy way to run a post module on all sessions: http://blog.pentestify.com/simple-framework-domain-token-scanner msf> use post/windows/gather/enum_domain_tokens msf enum_domain_tokens> irb framework.sessions.count.each do |session| run_single("set SESSION #{session.first}") run_single("run") sleep 1 end You use the POST module, drop to IRB and run those 4 lines, an.. 2011. 11. 4. HTTP Parameter Pollution Vulnerabilities HTTP 매개변수 오염(Parameter Pollution) 취약점 이슈 발표자료 : 관련자료 : 2011. 10. 30. DoS Attack Tool Targeting SSL Servers A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers. A tool designed to launch denial of service attacks can bring down Secure Sockets Layer servers using just a laptop computer and a standard DSL connection. Developed by a German group called The Hacker's C.. 2011. 10. 27. 이전 1 ··· 14 15 16 17 18 19 20 ··· 36 다음 728x90
