Author: jianxin [80sec]
EMail: jianxin#80sec.com
Site: http://www.80sec.com
Date: 2009-1-2
From: http://www.80sec.com/release/dos-with-XXX.txt

[ Table of Contents ]

0x00 Preface
0x01 Know it: understanding this content filtering system
0x02 Hack it: some security research on firewall-type IDS
0x03 Afterword


FROM:exploit-db

# Title: Core FTP Server 1.0 Build 319 Denial of Service
# EDB-ID: 10303
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mert SARICA
# Published: 2009-12-04
# Verified: yes
# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability in the Core FTP Server product.
# When you send “USER test\r\n” and then kill the connection
# immediately, CPU increases to 100% and stays at that level until you
# stop the FTP service.


***** MS IIS FTPD DoS ZER0DAY *****

There is a DoS vulnerability in the globbing functionality of IIS FTPD.
Anonymous users can exploit this if they have read access to a directory!!!
Normal users can exploit this too if they can read a directory.

Example session where the anonymous user has read access to the folder "pub":

C:\Users\Nikolaos>ftp 192.168.2.102
Verbindung mit 192.168.2.102 wurde hergestellt. 


From: 空虚浪子

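I read the articles by our Mexican colleague (which I actually couldn't understand; 刺 helped translate it) and by 刺, but what we mainly care about is how this technique can be exploited.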

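sirdarckcat says that the Apache web server places a limit on the length of HTTP headers, and that exceeding this length produces a server error. The HTTP headers include Cookie, Location, Host... If we can control one of them (for example, the cookie) and plant an oversized cookie on the user, every request the user makes to that domain will carry the oversized cookie. As a result, no matter which file under the domain the user requests, a server error is produced, leaving the client unable to access the site.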

HTTP headers have many fields, so why single out the cookie for inserting an oversized value?
