最新IE 0day

WebCruiser - Web Vulnerability Scanner V1.3.1.0306

(source code and binaries are available)

Acunetix Web Vulnerability Scanner 6.5 Build 2010_02_10 Enterprise Version & Crack Patch

Although pass-the-hash attacks have been around for a little over thirteen years,the knowledge of its existence is still poor.This paper tries to fill a gap in the knowledge of this attack through the testing of the freely available tools that facilitate the attack.While other papers and resources focus primarily on running the tools and sometimes comparing them, this paper offers an in-depth, systematic comparison of the tools across the various Windows platforms,including AV detection rates. It also provides exte...

Exploiting SQL Injection from Web Applications

Sablog-X v2.x 任意变量覆盖漏洞

author: 80vul-B
team:http://www.80vul.com
 

#Trace: 今天在Pst聚合上看到一个Acunetix Web Vulnerability Scanner v6.5 build 20100210的补丁，在网上没找到安装包，问了几个人也没问到，找到一个便携版的，在vmware里试了下，可以升级。源地址被墙，已经上传到Rapidshare上。

containing a large categorized list of useful expressions to inject in
his day to day duties . Those expressions come from guys like Ferruh
Mavituna, Hack.ers, etc (all credited in the sources) and personal
experience.

是学习wmi的练手作品，专门为管理员身份下运行设计的，普通的IISUSER身份下无法正常运行。如果你提权加上了用户，却因为种种原因，暂时进不了终 端什么的，可以传这个shell到服务器上，做一些猥琐的事。有的时候在shell下操作也是很方便的哦

你可能会问了，这个跟海洋的以管理员身份登陆有什么区别？海洋毕竟不是专门为这种环境设计的。而且熟悉IIS权限机制的同学都应该知道，普通的 webshell，就算用管理员身份登陆了，执行命令还是应用程序池的身份。而这个shell，无论任何操作，包括运行程序，都是以你登陆用户的身份

前段时间研究DB2、SYBASE、ORACLE，某些特定情况需要ASP来连接。写了一个ASP。来连接数据库。而且还可以根据查询语句做相应输出。对于某些“商业间谍”来说。简直就是居家旅行必备。只不过效率太低了。查询几百万条的数据。那个慢啊。要是碰到多表关联的。很容易超时。所以查询之前根据语句先建立个索引。可以极大提高效率。然后再分页输出。然后再XXXXX。

为了更好的促进OWASP中国各区域的沙龙、活动能够持续、稳定的进行，OWASP中国特成立的各区域小 组，主要为了促进小范围内的交流和分享。同 时，也非常欢迎大家自荐成为自己所在区域的负责人。OWASP中国项目研究组以目前OWASP的开源项目为基础，深入研究各类应用安全技术，并输出相关中 文资料、培训文档、安全工具等。同时，也会不定期的在各区域的活动上做相关培训。 OWASP中国QQ交流群 78238096

Dirty Tricks

Author: My5t3ry
Official site: http://www.qingtiandy.cn/
vulnerable: /look/template/wmv.asp

OWASP Code Crawler is a .NET Windows Forms application built using Microsoft .NET C#, XML, Linq and few third parties open source components. Its development started in fall 2007 as a very simple prototype from a mail conversation between me (Alessio Marziali) and Eoin Keary (Code Review Project Leader and Board Member). Eoin spotted the hidden power of this tool and asked me if I could be interested in converting it to open source. Thrilled by the idea of joining OWASP, few months later Code Crawler became an official OWASP Project.