An Analysis of the vBulletin 5.x Remote Code Execution Exploit

vBulletin is a commercial Internet forum software package, boasting tens of thousands of users which are growing rapidly worldwide. It is written in the PHP web language and uses the MySQL database. Owing to its large user base, vBulletin is frequently reported to have vulnerabilities. In NSFOCUS Vulnerability Database (NSVD), there are 49 entries related to vBulletin, most of which are SQL injection vulnerabilities. The vulnerability disclosed this time is of a relatively high risk level, known as remote code execution (RCE). Theoretically, an attacker can exploit this vulnerability to execute arbitrary code or even take complete control of a forum that uses this program.

vBulletin5远程代码执行漏洞分析

vBulletin 是一个商用的论坛程序套件,在全球拥有数万用户且增长速度很快。该论坛采用PHP Web语言及MySQL数据库。正是由于其用户较多,其漏洞出现频率较高,在绿盟科技漏洞库(NSVD)中共有[49条记录][1],大部分是SQL注入漏洞。此次漏洞等级较高,为远程代码执行漏洞(RCE),理论上说攻击者可执行任意代码,甚至完全控制论坛 。

Attack Chain-based Threat Aware System

With the network threat forms becoming more and more diversified and complex and challenges from advanced persistent threat (APT) attacks, new-generation threats spread more quickly on a larger scale, covering mobile devices, desktops, networks, web, applications, and social networks. In the new normal situation, it is far from enough for customers to obtain threat information only from traditional network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) devices, and professional, systematical, and intelligent devices are becoming really crucial. In particular, with the development of the Internet and improvement of user experience requirements, network threat behaviors should be detected through big data analysis to show customers the entire dynamic attack process intuitively.

XcodeGhost检测结果

XcodeGhost危害国内苹果应用市场

据称,苹果公司官方发言人表示,苹果公司已经开始清查下架相关应用,并且正与开发者积极沟通,确保他们使用官方版本的Xcode重建应用,并建议开发者在下载Xcode的时候,开启Gatekeeper功能。那么事情就这么结束了吗?

绿盟云

绿盟云:XcodeGhost分析及在线检测

什么是Xcode

Xcode 是苹果公司开发的编程软件,是开发人员进行苹果电脑及手机程序开发的工具。根据斯诺登提供的资料,美国政府研究人员创建了一个特殊版本的Xcode,希望借此将监控后门植入到手机应用程序APP中,并通过苹果应用商店App Store散发。(该信息引自百度百科等词条)

SYNful Knock, a New Backdoor Targeting Cisco Routers

How many people and companies use Cisco routers? You do not need to be a system integration engineer to know the specific figure. Baidu will tell you the answer. Do you panic when knowing that a backdoor targeting Cisco routers may affect most models? An experienced network administrator knows that the firmware of routers is not frequently upgraded. Once an attacker gets the knack of exploiting such backdoors, he or she can use them against those routers in a long time. Are you scared of that?

思科

新型思科路由器后门SYNful Knock

新型思科路由器后门SYNful Knock

思科路由器在国内有多大的使用量?做过系统集成的知道,在百度搜索中也可以知道,那思科路由器出现后门,可能影响其大多数型号,你惊慌吗?做过网络管理的都知道,路由器可能很长时间都不会升级其系统固件,攻击者拿到这些后门利用方法,就可以长期使用,你害怕吗?

django执行任意代码漏洞

Django任意代码执行漏洞分析

从Django的SECTET_KEY到代码执行

Django是一个可以用于快速搭建高性能,优雅的网站的平台,由Python写成。采用了MVC的软件设计模式,即模型M,视图V和控制器C。它最初是被开发来用于管理劳伦斯出版集团旗下的一些以新闻内容为主的网站的,即是CMS(内容管理系统)软件。并于2005年7月在BSD许可证下发布。

最近在进行网站代码审查的过程中,发现某些产品由于session使用不当,导致可能被攻击者利用,执行任意代码。这些产品在登录的JS代码中,泄露了SECRET_KEY,将该值作为密码加密的盐,这样就暴露了加密salt不太好吧,更重要的是对django的安全造成了极大的威胁。

分析及防护:Win10 执行流保护绕过问题

分析及防护:Win10 执行流保护绕过问题

Black Hat USA 2015正在进行,在微软安全响应中心公布的最新贡献榜单中,绿盟科技安全研究员张云海位列第6位,绿盟科技安全团队(NSFST)位列28位,绿盟科技安全团队(NSFST)常年致力于发现并解决计算机以及网络系统中存在的各种安全缺陷。这篇《Windows 10执行流保护绕过问题及修复》是团队在此次大会上分享的主要内容