eval in the shell

About eval in the shell. After a command injection, the characters a single command is likely to need are roughly these: `$ ' " ; && || [ ] ` > <`. As you can see that is quite a lot, so a blacklist filtering approach is certainly flawed, because it can be bypassed. Suppose every GET and POST parameter is passed through htmlspecialchars, so that every `<` and `>` is escaped into an HTML entity; does that mean the redirection operators can no longer be used? See the following use of eval to get at the pipe symbol: "The shell takes care of pipes and I/O redirection before variable substitution, so it never recognizes the pipe symbol inside pipe. The result is that the three arguments |, wc, and -l are passed to ls as arguments." ...

December 7, 2009 · notsobad

Removing boot-time services on Ubuntu

Removing boot-time services on Ubuntu: if apache and mysql were installed for development, they can be removed from startup and started by hand when needed.

```
find /etc/rc*.d/ -name \*apache2 -exec rm {} \;
# Or: sudo update-rc.d -f apache2 remove
```

December 7, 2009 · notsobad

A web scanner (Nikto)

Looking through the 100 best network security tools, number 12 is Nikto, which is also ranked first among the [10 best web scanners](http://sectools.org/web-scanners.html). I installed it and gave it a try; it is quite good.

```
wang@wang-laptop:~$ sudo apt install nikto
wang@wang-laptop:~$ nikto -Help
Options:
   -config+       use this config file
   -Cgidirs+      scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
   -Display+      turn on/off display outputs:
                     1 Show redirects
                     2 Show cookies received
                     3 Show all 200/OK responses
                     4 Show URLs which require authentication
                     D Debug Output
                     V Verbose Output
   -dbcheck       check database and other key files for syntax errors (cannot be abbreviated)
   -evasion+      ids evasion technique:
                     1 Random URI encoding (non-UTF8)
                     2 Directory self-reference (/./)
                     3 Premature URL ending
                     4 Prepend long random string
                     5 Fake parameter
                     6 TAB as request spacer
                     7 Change the case of the URL
                     8 Use Windows directory separator (\)
   -findonly      find http(s) ports only, don't perform a full scan
   -Format+       save file (-o) format:
                     htm HTML Format
                     csv Comma-separated-value
                     txt Plain text (default if not specified)
                     xml XML Format
   -host+         target host
   -Help          Extended help information
   -id+           host authentication to use, format is userid:password
   -mutate+       Guess additional file names:
                     1 Test all files with all root directories
                     2 Guess for password file names
                     3 Enumerate user names via Apache (/~user type requests)
                     4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
   -nolookup      skip name lookup
   -output+       write output to this file
   -port+         port to use (default 80)
   -Pause+        pause between tests (seconds)
   -root+         prepend root value to all requests, format is /directory
   -ssl           force ssl mode on port
   -Single        Single request mode
   -timeout+      timeout (default 2 seconds)
   -Tuning+       scan tuning:
                     0 File Upload
                     1 Interesting File / Seen in logs
                     2 Misconfiguration / Default File
                     3 Information Disclosure
                     4 Injection (XSS/Script/HTML)
                     5 Remote File Retrieval - Inside Web Root
                     6 Denial of Service
                     7 Remote File Retrieval - Server Wide
                     8 Command Execution / Remote Shell
                     9 SQL Injection
                     a Authentication Bypass
                     b Software Identification
                     c Remote Source Inclusion
                     x Reverse Tuning Options (i.e., include all except specified)
   -useproxy      use the proxy defined in config.txt
   -update        update databases and plugins from cirt.net (cannot be abbreviated)
   -Version       print plugin and database versions
   -vhost+        virtual host (for Host header)
   + requires a value
```

I tried scanning my own laptop and it still turned up something quite interesting. Environment: ubuntu9.10 + apache2 (default configuration). There is actually this address, http://localhost/server-status, which reports Apache's running status. ...

December 5, 2009 · notsobad

Installing the Chrome browser on Ubuntu

Installing the Chrome browser on Ubuntu. Edit /etc/apt/sources.list. For Ubuntu 9.04 (Jaunty) add this source:

```
deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu jaunty main
```

For Ubuntu 9.10 (Karmic) add this source:

```
deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main
```

Then run:

```
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xfbef0d696de1c72ba5a835fe5a9bf3bb4e5e17b5
```

After that it can be installed:

```
sudo apt-get update && sudo apt-get install chromium-browser -y
```

November 29, 2009 · notsobad

Audio and video out of sync when playing video with mplayer

Reposting an article: the problem I ran into is the same as the one below, even the video I was watching is the same, and naturally the fix is the same too. The original is here. I have Friends on my computer, in mkv format as well; when mplayer plays it the audio and video are out of sync, and seeking forward produces stuttering sound. I can't keep rebooting into XP just to watch it. After tinkering for ages I solved the sync problem, but seeking still has a small flaw: sometimes there is a bit of crackling, and pressing space again to seek fixes it. ...

November 20, 2009 · notsobad