Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

将Firefox打造成一个渗透测试平台工具

其实发现这个漏洞已经有好些日子了，本来我是不想公开的，前些天两次给一流信息监控的人发邮件提醒他们，但他们就是没认真考虑我说的问题，还说一流信 息系统可以把经过编码的注入字符也加到过滤清单中，不知道他们是怎么想的，他是觉得再加一条sele%ect过滤规则就可以了？那sele%%ct呢，也 加上？那sele%%%ct呢？？鉴于一流这种无所谓的态度我就公开此漏洞，希望他们能以此为鉴。