1. XSS and HTML injection Principle: script code and HTML tags are injected into the application and then used to attack it. For example: <img onerror="alert(1)" src="aaa" /> <p><img src=1 onerror=alert("xss") /></p> <p><a href="http://www.baidu.com:">aaa</a></p> Processing method: 1. Escape the input; you can use the StringEscapeUtils.escapeHtml method from the Apache Commons package to escape the string: s = StringEscapeUtils.escapeHtml4(s) 2. […]
Tag: unauthorized
Docker remote API unauthorized and Tenable scanning test
1. What is the Docker API? The Docker API is a way to access Docker resources. All three types of Docker API use REST (representational state transfer). What is representational state transfer? (1) Representation layer: refers to a form of expressing resources. A text, a picture, a movie, and a service are all resources on the […]
Analysis of Jenkins unauthorized access CVE-2017-1000353 from the code level
The first is the deployment of the Jenkins environment (it's all routine, so I won't write too much about it): wget https://repo.huaweicloud.com/jenkins/redhat-stable/jenkins-2.190.3-1.1.noarch.rpm ; rpm -ivh jenkins-2.190.3-1.1.noarch.rpm . Start the Jenkins service: systemctl start jenkins . View Jenkins status: systemctl status jenkins . Remember to turn off the firewall. View the password. CVE-2017-1000353 (Jenkins remote code execution […]
Redis unauthorized access vulnerability
0x01 What is Redis? Redis is an open source log-type Key-Value database written in ANSI C that supports networking, can be memory-based and persistent, and provides APIs in multiple languages. Since March 15, 2010, the development of Redis has been hosted by VMware. Since May 2013, the development of Redis has been sponsored by Pivotal. […]
Unauthorized_client error login error handling in eShopOnContainer
After getting the eShopOnContainer environment ready and running, unfortunately, I encountered an error that prevented me from logging in. From the error message, you can see the content unauthorized_client. Why is this? From the eShopOnContainers Wiki, you can find this article: unauthorized_client error on Login. Here are several reasons for this problem. One of […]
Vulnerability Recurrence: Unauthorized Access to Redis
Table of Contents: Introduction to Redis; Introduction to Redis commands; Vulnerability principle; Reproduction process; Environment setup; Install redis server on target machine (Download redis-4.0.10, Unzip, Compile, Turn off firewall, Start service, Turn off remote login protection); Install the redis client (redis-cli) on the attack machine (Download redis-4.0.10, Unzip, Compile, Test whether redis-cli is […]
A brief discussion on redis unauthorized vulnerability
redis unauthorized vulnerability. Preconditions: for higher versions of redis, you need to modify the redis configuration file, remove the # comment in front of bind, and change protected-mode to no. Write to webshell: config get dir # view the redis database path; config set dir <web path> # modify the target machine's Redis database path; config […]