
BKSEC.NET
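my5t3ry: Recording and sharing bits of daily life. For a long stretch in between I used WizNote (为知笔记), and the blog has been down for quite a while..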
http://www.bksec.net/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Thursday
LOAD TIME
4.4 seconds
Hu Jie
Hu Jie
Pan●●● qu
Gua●●●hou , Guangdong, 510000
China
15
YEARS
5
MONTHS
12
DAYS
XIN NET TECHNOLOGY CORPORATION
WHOIS : whois.paycenter.com.cn
REFERRED : http://www.xinnet.com
PAGES IN
THIS WEBSITE
19
SSL
EXTERNAL LINKS
38
SITE IP
103.238.225.177
LOAD TIME
4.352 sec
SCORE
6.2
my5t3ry | bksec.net Reviews
https://bksec.net
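Recording and sharing bits of daily life. For a long stretch in between I used WizNote (为知笔记), and the blog has been down for quite a while..
PHP reflection in practice: quickly locating where a function or class is defined - my5t3ry's blog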
https://www.bksec.net/archives/PHP-Reflection.html
In an IDE such as zend studio this is of course suggested automatically, but when no such development tool is installed, you can use the code below. Php function custom(){} class custom{ public function index(){} } print_r(get_define_position('custom')); /** * @param string $name function name or class name * @return array */ function get_define_position($name){ $info = array(); if(class_exists($name)) { $ob = new ReflectionClass($name); $info['class '.$name]= array('file'=> $ob->getFileName(),'line'=> $ob->getStartLine()); } if(function_exists($name)) { $ob = new ReflectionFunction($name); $info['function '.$...
my5t3ry's blog
https://www.bksec.net/page/1
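By meao: Yesterday, while testing a foreign PHP website, adding ' after id=255 returned forbidden. So I tried and 1=1, which was normal, and and 1=2, which errored, which means there is definitely an injection. Next I used order by to guess the columns, then union select 1,2,3,4 / sadly, forbidden appeared again; there must be filtering in place. Later I constructed the statement id=-255 union /*! Select*/ 1,2,3,4. By xuser: Injection is generally used mostly against two kinds of databases, mssql and mysql; mssql asp and mysql php are the most common pairings. About PostgreSQL: PostgreSQL is a very full-featured free-software object-relational database management system (ORDBMS); it can be said to be the most advanced and most powerful free database management system in the world today. Fixing the conflict between the VMware USB Arbitration Service and the Sony Ericsson driver. Original: Fixing the conflict between the VMware USB Arbitration Service and the Sony Ericsson phone driver. Bookmark. Symptom: USB devices are not recognized inside VMware. For example Router(Config)#Access-list 1 ...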
my5t3ry's blog
https://www.bksec.net/page/4
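This vulnerability is a re-exploitation of the earlier code execution vulnerability /include/dedesql.class.php. When looking for devices that support IPSec, you look for open UDP port 500 or 4500 on the host and for support for protocol 49 (Authentication Header) or protocol 50 (Encapsulating Security Payload). However, as you probably know, UDP port scanning is not as reliable as you would like, and ICMP type 3 code 2 is usually blocked by intermediate routers. Author:jackal member guestbook action.php $title = cn substr(html2text($title),60); $msg = cn substr(stripslashes($msg),2048); if($cfg ml- M UserName! Cfg ml- M ID! Uidnum) $gid = $cfg ml- M UserName; else $gid = ' ; $inquery = " INSER. A marginal, low-value vulnerability in DEDECMS v5.5 GBK Final. Sablog-X 2.0 admin back-end privilege spoofing vulnerability. Cityid=2&m=1" -v 1 - sql-shell / exec...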
my5t3ry's blog
https://www.bksec.net/page/2
Methods of quick exploitation of blind SQL Injection. http://www.packetstormsecurity.org/papers/database/PT-devteev-FAST-blind-SQL-Injection.txt. Several 0days in Dvbbs php 2.0. By: T00ls core member Xhm1n9 2010.8.19 1, joinvipgroup.php / injection function up vipuser(){ global $lang,$db,$dv,$userid,$userinfo,$vipgroupuser; $groupid=$ POST['vipgroupid']; $btype=$ POST['Btype']; $vipmoney=$ POST['vipmoney']; $vipticket=$ POST['vipticket']; if($groupid= 0 or $vipmoney 0 or $. Dedecms = V5.6 Final template execution vulnerability. My5t3ry: reposted from the web, noting it down serialize(...
Articles published by my5t3ry - my5t3ry's blog
https://www.bksec.net/author/1
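By meao: Yesterday, while testing a foreign PHP website, adding ' after id=255 returned forbidden. So I tried and 1=1, which was normal, and and 1=2, which errored, which means there is definitely an injection. Next I used order by to guess the columns, then union select 1,2,3,4 / sadly, forbidden appeared again; there must be filtering in place. Later I constructed the statement id=-255 union /*! Select*/ 1,2,3,4. By xuser: Injection is generally used mostly against two kinds of databases, mssql and mysql; mssql asp and mysql php are the most common pairings. About PostgreSQL: PostgreSQL is a very full-featured free-software object-relational database management system (ORDBMS); it can be said to be the most advanced and most powerful free database management system in the world today. Fixing the conflict between the VMware USB Arbitration Service and the Sony Ericsson driver. Original: Fixing the conflict between the VMware USB Arbitration Service and the Sony Ericsson phone driver. Bookmark. Symptom: USB devices are not recognized inside VMware. For example Router(Config)#Access-list 1 ...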
TOTAL PAGES IN THIS WEBSITE
19
ALICTF 2015 Preliminary Round Writeup | Beeeの零碎事
http://imbeee.github.io/2015/03/30/ALICTF-2015-Writeup
The Check() method defines a string of length 16; XORing the i-th character of the string with the (i % 8)-th character of bobdylan yields the key. Did some initial testing, passed. ‘()= and so on, and the challenge specified testing with chrome, so I tried HTML imports in turn,. 089d9b2b0de6a319.alictf.com/xss.php? Name= svg script %26. D9b2b0de6a319.alictf.com/zhedaotimu tebiemeiyouyingyang.php? Related material http://segmentfault.com/q/1010000002391106. This challenge is a swf file; using http://www.showmycode.com/. Local1:* = root.loaderInfo.parameters;. Local2:* = root.loaderInfo.url.indexOf( "? ParseStr(root.loaderInfo.url.substr( local2 1. ExternalInterface.call( "console.debug". SELECT *...
DUTCTF Warm-up Round Writeup | Beeeの零碎事
http://imbeee.github.io/2015/04/15/dutctf-writeup
A href=cc5daf26edcf4540ef4306619d42ee4c/56b0edd36cdb68dd183db2a2eae47dd2.php /a. So I visited http://challenge.dutsec.cn/cc5daf26edcf4540ef4306619d42ee4c/56b0edd36cdb68dd183db2a2eae47dd2.php. Location.href= "4b7be5a6ec9cd077e1ac96bbae61c4e2/e254591688c224aca386ae1a5fd9b8af.php". So I visited http://challenge.dutsec.cn/4b7be5a6ec9cd077e1ac96bbae61c4e2/e254591688c224aca386ae1a5fd9b8af.php directly. First I tried visiting http://blog.dutsec.cn. Got a personal website, then tried visiting the blog subdomain http://blog.ikow.cn. Id=7 and 1=1 / normal. Id=7 and 1=2 / abnormal. Hello, I am Beee.
A caidao (China Chopper) client usable on WebLogic in some cases | Beeeの零碎事
http://imbeee.github.io/2016/01/03/WebLogic-caidao-fixed
String s=request.getSession().getServletContext().getRealPath(/);. Cause of and fix for this.getServletContext().getRealPath( / ) being null on weblogic 11g. Javaio.*,java.util.*,java.net.*,java.sql.*,java.text.*". String Pwd = "023". String EC(String s, String c) throws. String getAbsolutePathByContext(HttpServletRequest request) throws. String webPath = request.getSession().getServletContext().getRealPath( "/". WebPath = webPath.replaceAll( "[ /]WEB-INF[ /]classes[ /]? WebPath = webPath.replaceAll( "[ /] ". Trim() .ne...
Vulnerabilities in the Flash Slideshow Image Ad (News) Management System | Beeeの零碎事
http://imbeee.github.io/2015/04/15/flashad-1.0-vulnerabilities
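During a penetration test I scanned and found an application, the Slideshow Image Ad (News) Management System; a Baidu search turned up the source code, so I downloaded it for analysis and found a way to get a webshell from the admin back end and an xss; noting it down. Succeed Msg( "成功恢复数据 ". Admin=replace(trim(request(admin) , ). Select * from loginerr order by logindate". Script language=javascript alert('登陆失败,你的信息已经被记录 ');window.location.href='login.asp'; /script ". Hello, I am Beee. This is my blog, containing some interesting things. And Theme by Pacman.
DUTCTF-2015 Main Competition Writeup | Beeeの零碎事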
http://imbeee.github.io/2015/04/26/DUTCTF-2015-final
DJ only set up the website yesterday and it got hacked today; a one-line webshell was found, the password is cmd; can you find any useful information? http://dl.dutsec.cn/web/web10/index.php. DUTCTF{caidao is very niubi}. http://dl.dutsec.cn/web/05c035b1d7e82a97/index.php. DUTCTF{Is PHP not safe? http://dl.dutsec.cn/misc/misc50/a6d7548b4f9c94f1.png. Key = key chr(ord(x)- i. http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php. The hint mentions a backup file; trying http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php.bak gives the page source. Id] = urldecode( $ GET. P flag: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx /p ". Can you authenticate to this website? Opera...
ISG2015-RPG-400-Writeup | Beeeの零碎事
http://imbeee.github.io/2016/01/11/ISG2015-RPG-400-Writeup
The character starts at coordinates 1,1 and the treasure chest is at 497,497. Host, port = File.new( "config.txt". TCPClient.new(host, port.to i). Move up(turn enabled = true. Move down(turn enabled = true. Move left(turn enabled = true. Move right(turn enabled = true. 0E000000 01000000 01000000 0000 0000 0000. 0E000000 01000000 01000000 8001 0000 0000. 0E000000 01000000 01000000 8001 3400 0000. 0E000000 01000000 01000000 8001 3400 9F01. Selecting 0,0 and 1,0 horizontally, i.e. the first two tiles of the first row, gives the binary data. 14000000 02000000 01000000 8001 8001 3400 4C00 0000 0000. BMAP = f. read. The binary map file and re...
Deploying aria2 on the Lenovo newifi mini | Beeeの零碎事
http://imbeee.github.io/2015/04/28/install-aria2-on-newifi-mini
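Previously my school dorm had been using a TP-Link wr841n v7 hardware-modded to 16M flash/64M RAM with USB, flashed with openwrt and used only for offline downloads to an external hard drive; it never had any big problems. The subject of this article was probably bought during last year's Double 12 sale; at the time I thought the specs were decent: MT7620A, 16M flash, 128M RAM, with one USB 2.0, enough for a dorm. For low-version ( 1.6.9.6) firmware, there is a method online for enabling ssh without opening the case; see here http://www.newbandeng.com/forum.php? If you want to keep using the old version ( 1.6.9.6) firmware, you can follow that method to enable ssh. If you want to use somewhat newer firmware, you can try the 1.6.12.9 firmware. Since my router's firmware was already newer than 1.6.9.6, I couldn't be bothered to flash back to the old firmware, so I flashed directly to 1.6.13.7. Plugin-20013-dropbear-1.0.1.bpk. Ramips 24kec.tar.gz. Tar xvzf dropbear 2015. 67. Ramips 24kec.tar.gz - C. Linaro-1 ramips 24kec. tar.
WebLogic password decryption tool | Beeeの零碎事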
http://imbeee.github.io/2016/01/03/WebLogicPasswordDecryptor-GUI
https://blog.netspi.com/decrypting-weblogic-passwords/. Hello, I am Beee. This is my blog, containing some interesting things. And Theme by Pacman.
DUTCTF-2015 Main Competition Writeup | Beeeの零碎事
https://www.imbeee.com/2015/04/26/DUTCTF-2015-final
DJ only set up the website yesterday and it got hacked today; a one-line webshell was found, the password is cmd; can you find any useful information? http://dl.dutsec.cn/web/web10/index.php. DUTCTF{caidao is very niubi}. http://dl.dutsec.cn/web/05c035b1d7e82a97/index.php. DUTCTF{Is PHP not safe? http://dl.dutsec.cn/misc/misc50/a6d7548b4f9c94f1.png. Key = key chr(ord(x)- i. http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php. The hint mentions a backup file; trying http://dl.dutsec.cn/web/c66ba13ab15ac925/index.php.bak gives the page source. Id] = urldecode( $ GET. P flag: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx /p ". Can you authenticate to this website? Opera...
TOTAL LINKS TO THIS WEBSITE
38
my5t3ry
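July 23, 2017. WP Statistics is a very powerful real-time statistics and analytics plugin for WordPress; according to WordPress.org statistics, more than 300,000 sites use the plugin. Recently, WP Statistics released WP Statistics 12.0.8, which mainly fixes a SQL injection vulnerability; the vulnerability affects. WP Statistics = 12.0.7. wp_statistics_searchengine_query(). if ( strtolower( $search_engine ) == 'all' ) { // For all of them? July 23, 2017.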