bksec.net bksec.net

BKSEC.NET

my5t3ry

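Recording and sharing bits of daily life. For a long stretch in between I used WizNote (为知笔记), and the blog was down for a long time too..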

http://www.bksec.net/


TRAFFIC RANK FOR BKSEC.NET

TODAY'S RATING

>1,000,000

TRAFFIC RANK - AVERAGE PER MONTH

BEST MONTH

May

AVERAGE PER DAY OF THE WEEK

HIGHEST TRAFFIC ON

Thursday


CUSTOMER REVIEWS

Average Rating: 3.6 out of 5 with 12 reviews
5 star: 2
4 star: 5
3 star: 4
2 star: 0
1 star: 1


LOAD TIME

4.4 seconds


CONTACTS AT BKSEC.NET

Hu Jie

Hu Jie

Pan●●● qu

Gua●●●hou , Guangdong, 510000

China

86.01●●●●●81111
86.01●●●●●81111
ev●●●●●●●●●@gmail.com


DOMAIN REGISTRATION INFORMATION

REGISTERED
2010 February 09
UPDATED
2014 January 31
EXPIRATION
EXPIRED

DOMAIN AGE

15 YEARS, 5 MONTHS, 12 DAYS

NAME SERVERS

1. ns15.xincache.com
2. ns16.xincache.com

REGISTRAR

XIN NET TECHNOLOGY CORPORATION


WHOIS : whois.paycenter.com.cn

REFERRED : http://www.xinnet.com

CONTENT

SCORE

6.2

PAGE TITLE
my5t3ry | bksec.net Reviews
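META DESCRIPTION
Recording and sharing bits of daily life. For a long stretch in between I used WizNote (为知笔记), and the blog was down for a long time too..
META KEYWORDS
1 network security
2 code auditing
3 information security
4 vulnerability discovery
5 penetration testing
6 php
7 mysql
8 oracle
9 python
KEYWORDS ON PAGE
search keywords, archives, exploit, links, analysis of the wordpress plugin wp statistics sql injection vulnerability, category web, article first published on the threathunter community on July 16, archived on my own blog, wordpress has a plugin architecture and a template system, this article briefly analyzes the vulnerability, the vulnerability is located in /includes/functions/functions php, read the rest, a new beginning, category archives, deleted the blog I had run for several years, did not write much over those years either =, hoping the new blog has a new beginning, latest articles, recent replies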
SERVER
nginx
CONTENT-TYPE
utf-8

INTERNAL PAGES

bksec.net bksec.net
1

A practical application of PHP reflection: quickly locating where a function or class is defined - my5t3ry's blog

https://www.bksec.net/archives/PHP-Reflection.html

An IDE such as Zend Studio will of course locate these for you automatically, but when no such development tool is installed, the code below can be used. <?php function custom(){} class custom{ public function index(){} } print_r(get_define_position('custom')); /** * @param string $name function name or class name * @return array */ function get_define_position($name){ $info = array(); if(class_exists($name)){ $ob = new ReflectionClass($name); $info['class '.$name] = array('file'=>$ob->getFileName(),'line'=>$ob->getStartLine()); } if(function_exists($name)){ $ob = new ReflectionFunction($name); $info['function '.$...

2

my5t3ry's blog

https://www.bksec.net/page/1

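By meao. Yesterday, while testing a foreign PHP site, adding ’ after id=255 returned forbidden. Then and 1=1 was normal and and 1=2 gave an error, which means there is definitely an injection. Next I used order by to work out the columns, then union select 1,2,3,4 / and, sadly, forbidden appeared again, so there must be filtering. Later I constructed the statement id=-255 union /*! Select*/ 1,2,3,4. By xuser. Injection is generally used mostly against two kinds of databases, mssql and mysql; mssql asp and mysql php are the most common pairings. About PostgreSQL: PostgreSQL is a very full-featured free-software object-relational database management system (ORDBMS), and can be said to be the most advanced and most powerful free database management system in the world today. Resolving the conflict between VMWare's VMware USB Arbitration Service and the Sony Ericsson driver. Original. Resolving the conflict between VMWare's VMware USB Arbitration Service and the Sony Ericsson phone driver. Bookmark. Symptom: USB devices are not recognized inside VMWare. For example Router(Config)#Access-list 1 ...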

3

my5t3ry's blog

https://www.bksec.net/page/4

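This vulnerability is a re-exploitation of the earlier code execution vulnerability /include/dedesql.class.php. When looking for devices that support IPSec, you look for open UDP port 500 or 4500 on the host and for support of protocol 49 (Authentication Header) or protocol 50 (Encapsulating Security Payload). However, as you may know, UDP port scanning is not as reliable as you would hope, and ICMP type 3 code 2 is usually blocked by intermediate routers. Author:jackal member guestbook action.php $title = cn substr(html2text($title),60); $msg = cn substr(stripslashes($msg),2048); if($cfg ml- M UserName! Cfg ml- M ID! Uidnum) $gid = $cfg ml- M UserName; else $gid = ' ; $inquery = " INSER. A low-value vulnerability in DEDECMS v5.5 GBK Final. Sablog-X 2.0 admin back-end privilege spoofing vulnerability. Cityid=2&m=1" -v 1 - sql-shell / 执...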

4

my5t3ry's blog

https://www.bksec.net/page/2

Methods of quick exploitation of blind SQL Injection. http://www.packetstormsecurity.org/papers/database/PT-devteev-FAST-blind-SQL-Injection.txt. Several 0days in Dvbbs php 2.0. By: T00ls core member Xhm1n9 2010.8.19 1, joinvipgroup.php / injection function up vipuser(){ global $lang,$db,$dv,$userid,$userinfo,$vipgroupuser; $groupid=$_POST['vipgroupid']; $btype=$_POST['Btype']; $vipmoney=$_POST['vipmoney']; $vipticket=$_POST['vipticket']; if($groupid= 0 or $vipmoney 0 or $. Dedecms = V5.6 Final template execution vulnerability. My5t3ry: reposted from the web, noting it down. serialize(...

5

Articles published by my5t3ry - my5t3ry's blog

https://www.bksec.net/author/1

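By meao. Yesterday, while testing a foreign PHP site, adding ’ after id=255 returned forbidden. Then and 1=1 was normal and and 1=2 gave an error, which means there is definitely an injection. Next I used order by to work out the columns, then union select 1,2,3,4 / and, sadly, forbidden appeared again, so there must be filtering. Later I constructed the statement id=-255 union /*! Select*/ 1,2,3,4. By xuser. Injection is generally used mostly against two kinds of databases, mssql and mysql; mssql asp and mysql php are the most common pairings. About PostgreSQL: PostgreSQL is a very full-featured free-software object-relational database management system (ORDBMS), and can be said to be the most advanced and most powerful free database management system in the world today. Resolving the conflict between VMWare's VMware USB Arbitration Service and the Sony Ericsson driver. Original. Resolving the conflict between VMWare's VMware USB Arbitration Service and the Sony Ericsson phone driver. Bookmark. Symptom: USB devices are not recognized inside VMWare. For example Router(Config)#Access-list 1 ...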


TOTAL PAGES IN THIS WEBSITE

19

LINKS TO THIS WEBSITE

imbeee.github.io imbeee.github.io

ALICTF 2015 Preliminary Round Writeup | Beeeの零碎事

http://imbeee.github.io/2015/03/30/ALICTF-2015-Writeup

The Check() method defines a string of length 16; XORing the i-th character of the string with the (i % 8)-th character of bobdylan gives the key. Did some initial testing; passed. ‘()= etc., and the challenge specifies testing with chrome, so I tried HTML imports in turn,. 089d9b2b0de6a319.alictf.com/xss.php? Name= svg script %26. D9b2b0de6a319.alictf.com/zhedaotimu tebiemeiyouyingyang.php? Related material: http://segmentfault.com/q/1010000002391106. This challenge is a swf file; using http://www.showmycode.com/. Local1:* = root.loaderInfo.parameters;. Local2:* = root.loaderInfo.url.indexOf( "? ParseStr(root.loaderInfo.url.substr( local2 1. ExternalInterface.call( "console.debug". SELECT *...

imbeee.github.io imbeee.github.io

DUTCTF Warm-up Round Writeup | Beeeの零碎事

http://imbeee.github.io/2015/04/15/dutctf-writeup

A href=cc5daf26edcf4540ef4306619d42ee4c/56b0edd36cdb68dd183db2a2eae47dd2.php /a. So visit http://challenge.dutsec.cn/cc5daf26edcf4540ef4306619d42ee4c/56b0edd36cdb68dd183db2a2eae47dd2.php. Location.href= "4b7be5a6ec9cd077e1ac96bbae61c4e2/e254591688c224aca386ae1a5fd9b8af.php". So visit directly http://challenge.dutsec.cn/4b7be5a6ec9cd077e1ac96bbae61c4e2/e254591688c224aca386ae1a5fd9b8af.php. First try visiting http://blog.dutsec.cn. That gives a personal website; then try visiting the blog subdomain http://blog.ikow.cn. Id=7 and 1=1 / normal. Id=7 and 1=2 / not normal. Hello, I am Beee.

imbeee.github.io imbeee.github.io

A caidao (菜刀) that works with WebLogic in certain cases | Beeeの零碎事

http://imbeee.github.io/2016/01/03/WebLogic-caidao-fixed

String s=request.getSession().getServletContext().getRealPath(/);. Why this.getServletContext().getRealPath( / ) is null on weblogic 11g, and how to fix it. Javaio.*,java.util.*,java.net.*,java.sql.*,java.text.*". String Pwd = "023". String EC(String s, String c) throws. String getAbsolutePathByContext(HttpServletRequest request) throws. String webPath = request.getSession().getServletContext().getRealPath( "/". WebPath = webPath.replaceAll( "[ /]WEB-INF[ /]classes[ /]? WebPath = webPath.replaceAll( "[ /] ". Trim() .ne...

imbeee.github.io imbeee.github.io

Vulnerabilities in the Flash Slideshow Image Ad (News) Management System | Beeeの零碎事

http://imbeee.github.io/2015/04/15/flashad-1.0-vulnerabilities

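During a penetration test I scanned and found an application, the Slideshow Image Ad (News) Management System. A Baidu search turned up the source code, which I downloaded and analyzed, finding a way to get a webshell from the admin back end and an xss; noting it down. Succeed Msg( "成功恢复数据 ". Admin=replace(trim(request(admin) , ). Select * from loginerr order by logindate". Script language=javascript alert('登陆失败,你的信息已经被记录 ');window.location.href='login.asp'; /script ". Hello, I am Beee. This is my blog, containing some interesting things. And Theme by Pacman.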

imbeee.github.io imbeee.github.io

DUTCTF-2015 Main Competition Writeup | Beeeの零碎事

http://imbeee.github.io/2015/04/26/DUTCTF-2015-final

DJ only set up the website yesterday and it got hacked today; a one-line webshell was found, the password is cmd. Can you find any useful information? http://dl.dutsec.cn/web/web10/index.php. DUTCTF{caidao is very niubi}. http://dl.dutsec.cn/web/05c035b1d7e82a97/index.php. DUTCTF{Is PHP not safe? http://dl.dutsec.cn/misc/misc50/a6d7548b4f9c94f1.png. Key = key chr(ord(x)- i. http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php. The hint mentions a backup file; trying http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php.bak gives the page source. Id] = urldecode( $ GET. P flag: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx /p ". Can you authenticate to this website? Opera...

imbeee.github.io imbeee.github.io

ISG2015-RPG-400-Writeup | Beeeの零碎事

http://imbeee.github.io/2016/01/11/ISG2015-RPG-400-Writeup

The character starts at coordinates 1,1 and the treasure chest is at 497,497. Host, port = File.new( "config.txt". TCPClient.new(host, port.to i). Move up(turn enabled = true. Move down(turn enabled = true. Move left(turn enabled = true. Move right(turn enabled = true. 0E000000 01000000 01000000 0000 0000 0000. 0E000000 01000000 01000000 8001 0000 0000. 0E000000 01000000 01000000 8001 3400 0000. 0E000000 01000000 01000000 8001 3400 9F01. Selecting 0,0 and 1,0 horizontally, i.e. the first two tiles of the first row, the binary data is. 14000000 02000000 01000000 8001 8001 3400 4C00 0000 0000. BMAP = f. read. The binary map file and 相...

imbeee.github.io imbeee.github.io

Deploying aria2 on the Lenovo newifi mini | Beeeの零碎事

http://imbeee.github.io/2015/04/28/install-aria2-on-newifi-mini

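In my school dorm I had been using a TP-Link wr841n v7 hardware-modded to 16M flash/64M RAM with USB, flashed with openwrt, just to hang a portable hard drive off it for offline downloads, and it never had any major problems. The subject of this post was bought around Double 12 last year, I think. At the time I figured the specs were decent: MT7620A, 16M flash, 128M RAM, with one USB 2.0 port, enough for the dorm. For lower-version ( 1.6.9.6) firmware, there is a method online for enabling ssh without opening the case; see http://www.newbandeng.com/forum.php? If you want to keep using the old-version ( 1.6.9.6) firmware, you can follow that method to enable ssh. If you want to use somewhat newer firmware, you can try the 1.6.12.9 firmware. Since my router's firmware was already newer than 1.6.9.6, I couldn't be bothered to flash back to the old firmware, so I flashed straight to 1.6.13.7. Plugin-20013-dropbear-1.0.1.bpk. Ramips 24kec.tar.gz. Tar xvzf dropbear 2015. 67. Ramips 24kec.tar.gz - C. Linaro-1 ramips 24kec. tar.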

imbeee.github.io imbeee.github.io

WebLogic password decryption tool | Beeeの零碎事

http://imbeee.github.io/2016/01/03/WebLogicPasswordDecryptor-GUI

https://blog.netspi.com/decrypting-weblogic-passwords/. Hello, I am Beee. This is my blog, containing some interesting things. And Theme by Pacman.

imbeee.com imbeee.com

DUTCTF-2015 Main Competition Writeup | Beeeの零碎事

https://www.imbeee.com/2015/04/26/DUTCTF-2015-final

DJ only set up the website yesterday and it got hacked today; a one-line webshell was found, the password is cmd. Can you find any useful information? http://dl.dutsec.cn/web/web10/index.php. DUTCTF{caidao is very niubi}. http://dl.dutsec.cn/web/05c035b1d7e82a97/index.php. DUTCTF{Is PHP not safe? http://dl.dutsec.cn/misc/misc50/a6d7548b4f9c94f1.png. Key = key chr(ord(x)- i. http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php. The hint mentions a backup file; trying http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php.bak gives the page source. Id] = urldecode( $ GET. P flag: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx /p ". Can you authenticate to this website? Opera...


TOTAL LINKS TO THIS WEBSITE

38

OTHER SITES

bksealcoating.com bksealcoating.com

BK Sealcoating & Striping - Home

BK Sealcoating and Striping, LLC. Is a Florida corporation and has been in business since 1988. Our main office is on the West Coast of Florida and offer services throughout the State of. Our team has established an outstanding reputation in business ethics and quality service working to the highest standards in the industry. We work for all types of commercial and industrial companies as well as apartment and condominium associations. ADA updates, Asphalt Repairs,. Speed Bumps, and Car Stops. Is a 100% ...

bkseamlessgutters.com bkseamlessgutters.com

BK Seamless Gutters LLC | Gutter & Roofing Contractors Raleigh & Cary, NC

CALL FOR YOUR FREE ESTIMATE. Our Customers Are Our Neighbors. GET A FREE ESTIMATE. BK Roofing and Seamless Gutters LLC serving Raleigh and Cary, NC. The Area's Trusted Roofing and Gutter Contractors. A Note From The Owner:. Thank you for stopping by! Our mission is simple. At BK, we remain dedicated to client satisfaction. You’re going to be thrilled with our work. We take great pride in assisting ...

bksearch.com bksearch.com

BKSearch

How to make it the home page for different browsers. Make This My Home Page.

bkseasoning.com bkseasoning.com

BK Seasoning - Gourmet All Purpose Seasoning

B and K Specialties. Willow Springs, MO. B&K GOURMET ALL PURPOSE SEASONING! B and K GOURMET renders itself superbly to. A wide variety of foods including:. Images Slideshow In HTML by WOWSlider.com v2.0. B and K GOURMET is a superb seasoning for Tri-Tip and other BBQued meats. It is a delectable all-in-one seasoning for mouthwatering roasts. With recipes use B and K GOURMET in place of basic spices. B and K GOURMET is NOT adulterated with sugar and what we deem. An excessive amount of salt.

bksec.com bksec.com

B&K Securities

CityIce Bldg, 298 Perin Nariman Street, Fort, Mumbai 400001, India. Mon Fri 9.00 am to 6.00 pm IST. Awards & Accolades. Equities: Advisory, Research & Execution. MF: Analysis and Distribution. Insurance: Advisory & Broking. Art & Collectibles: Advisory. Careers @ B&K. Life @ B&K. 60,000 Cr Assets.

bksec.net bksec.net

my5t3ry

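July 23, 2017. WP Statistics is a very powerful real-time statistics and analytics plugin for WordPress; according to WordPress.org statistics, more than 300,000 sites use the plugin. Recently, WP Statistics released WP Statistics 12.0.8, which mainly fixes an SQL injection vulnerability; the vulnerability affects. WP Statistics = 12.0.7. wp_statistics_searchengine_query(). If ( strtolower( $search_engine ) = 'all' ) { / For all of them? July 23, 2017.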

bksecondhandrooftiles.com bksecondhandrooftiles.com

B & K Second Hand Roof Tiles

B and K Second Hand Roof Tiles. Large selection of other cement Roof Tiles. Large selection of other Terra Cotta Tiles.

bksecret.com bksecret.com

BkSecret.com is for Sale! @ DomainMarket.com, Maximize Your Brand Recognition with a Premium Domain

Ask About Special March Deals! What Are the Advantages of a Super Premium .Com Domain? 1 in Premium Domains. 300,000 of the World's Best .Com Domains. Available For Immediate Purchase. Safe and Secure Transactions. 24/7 Customer Support: 888-694-6735. Search For a Premium Domain. Or Click Here To Get Your Own Domains Appraised. Find more domains similar to BkSecret.com. We are constantly expanding our inventory to give you the best domains available for purchase! Domains Added in the Past Month. That wou...

bksecret.deviantart.com bksecret.deviantart.com

BKsecret - DeviantArt

Join DeviantArt for FREE. Forgot Password or Username? Deviant for 3 Years. This deviant's full pageview. Last Visit: 66 weeks ago. This is the place where you can personalize your profile! Thanx fo...

bksecretleia.com bksecretleia.com

bksecretleia.com - This website is for sale! - bksecretleia Resources and Information.

The domain bksecretleia.com. May be for sale by its owner! This page provided to the domain owner free. By Sedo's Domain Parking. Disclaimer: Domain owner and Sedo maintain no relationship with third party advertisers. Reference to any specific service or trade mark is not controlled by Sedo or domain owner and does not constitute or imply its association, endorsement or recommendation.

bksecure.com bksecure.com

This area is password protected [401]

This area is password protected. Please enter the password below.