Router hacking相关资料

Papers:JTAG SlidesHow to hack millions of routersHacking cisco routersRouter ExploitationFrom SQLi to MIPS OverflowsFlashing & Attacking WiFi RoutersSANS: Exploiting embedded devicesHacking routers for fun and profitRemote Attacks Against SOHO Ro

阅读全文»

dlink路由器固件-qemu调试环境搭建

qemu安装git clone git://git.qemu.org/qemu.git cd qemu git submodule init git submodule update --recursive sudo apt install libglib2.0 libglib2.0-dev sudo apt install autoco

阅读全文»

binwalk工具的安装

binwalk工具完整安装方式的整理,以python 2.7的安装为例1.最懒的方式,自动安装依赖库和组件工具。    $ sudo apt-get update       $ sudo apt-get install build-essential autoconf git   &

阅读全文»

路由器漏洞挖掘之固件提取

路由器漏洞挖掘之固件提取环境需求kali linuxbinwalkfirmware-mod-kit D-Link DIT-815固件工具介绍firmware-mod-kit工具的安装firmware-mod-kit工具的功能和binwalk工具的类似,其实firmware-mod-kit工具在功能上有调用binwalk工具提供的功能以及其他的固件解包工具的整合。在KALI 系统上安装firmware-mod-kit工具之前需要先安装需要的依赖库文件$ sudo apt-ge

阅读全文»

Cross-site scripting vulnerability in moodle 3.2

There is a xss vulnerability in moodle 3.2 latestIn admin page Add a new course ,Course summary filter have xss vulnerability payload :<svg onload="alert('Coursesummary')"></svg>save and display  when we viste

阅读全文»

XSS攻击另类玩法

XSS攻击另类玩法 今天就来讲一下大家都熟悉的 xss漏洞的攻击利用。相信大家对xss已经很熟悉了,但是很多安全人员的意识里 xss漏洞危害只有弹窗或者窃取cookie。但是xss还有更多的花式玩法,今天将介绍几种。1.  xss攻击添加管理员后台触发存储型XSS,网站设置http-only,窃取的cookie无效。那么如何在这种情况下利用xss漏洞。无法获取cookie,但是我们可以利用xss漏洞,以管理员的权限,添加一个新的管理员。没错,就是让管理员给我们加一个高权限账号

阅读全文»

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-23

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16 in adminpageUse this vulnerabilitie must be login admin page " _src="http://localhost/admin/modules/bibliography/checkout_item.php?keywords="˃"˃http://local

阅读全文»

Store XSS Vulnerability in Wordpress plugin WP Markdown Editor Version 2.0.3

There is a Store XSS Vulnerability in Wordpress plugin WP Markdown Editor Version 2.0.3 When i use Wordpress plugin WP Markdown Editor  add new post or edit post i fund a store xss vulnerabilitypost in content input the xss payload <img src=x

阅读全文»

Cross-site scripting vulnerability in CMS Made Simple 2.1.6

 CMS Made Simple in adminpage > sitesetting > General Settings > globalmetadata filed has xss vulnerabilitythen visite any page has Cross-site scripting vulnerability

阅读全文»

Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.1.6

in adminpage > Design Manager > Categories options  Create a new Category Desciption filed  has xss vulnerability  first create a new catagory and in Description write the payload </textarea><svg/onload=alert(0)> and

阅读全文»