current location:Home > Technical Articles > Operation and Maintenance > Safety

  • How to analyze the latest RCE vulnerability in Apache Solr
    How to analyze the latest RCE vulnerability in Apache Solr
    Introduction: The RCE0day vulnerability was discovered in ApacheSolr (the vulnerability number is not given). Here we simply reproduce the object and analyze the entire RCE process for your reference. Vulnerability recurrence and recurrence version: 8.1.1 To implement RCE, two steps are required. First, confirm that the application has enabled a certain core (can be viewed in CoreAdmin). In the instance, the application has enabled mycore, and then first send the following to its config interface. json data, {"update-queryresponsewriter":{"startup":"lazy",&quot
    Safety 1541 2023-05-25 18:58:30
  • Example Analysis of Wireless Network Security in Big Data
    Example Analysis of Wireless Network Security in Big Data
    There are many important IT resources within the enterprise network, such as OA servers, ERP servers, etc. Once these business hosts stop working or are attacked, they will directly affect the normal operation of the business and cause heavy losses. In the case of wired networks, security is relatively reliable. At this stage, most companies provide wireless Internet access; as long as the client knows the wireless password, it can access the company's LAN, causing security risks. The key point is that your wireless password is not secure: software such as aircrack can brute force the wireless password. Once an employee installs software such as a wifi key, your wireless connection is public. The way guest and office networks are separated does not prevent guests from connecting to the office network.
    Safety 1222 2023-05-25 17:46:25
  • How to configure and verify network equipment Telnet
    How to configure and verify network equipment Telnet
    In normal work and maintenance, we often use common remote connection methods such as Telnet or SSL. Today I want to write about the configuration and verification of Telnet. First of all, we need to understand what Telnet is. Telnet is a way to access devices remotely through an IP network. It has three verification methods: no password verification, password verification, local username and password verification. Its port is TCP/23 port. Next we configure Telnet: The network topology is as shown in the figure below. 1. First set the IP address of the PC to 192.168.100.1/24, as shown in the figure below. 2. Configure the IP address of the port connected to the network on the router [RT1]intg0
    Safety 3318 2023-05-25 16:58:21
  • Example analysis of Samba security vulnerabilities
    Example analysis of Samba security vulnerabilities
    Today, Samba reported another major vulnerability. The vulnerability is currently numbered CVE-2015-0240. An uninitialized pointer in the Samba daemon smbd can be exploited remotely. She can allow a malicious Samba client to send a specific netlogon packet to thereby Obtain the permission to run smbd, and the default permission of smbd is still the root super administrator. This vulnerability affects Samba3.5 and higher versions. Most current GNU/Linux distributions will be affected. The vulnerability analysis report of RedHatSecurityTeam has been released. The current solution to temporarily reduce the risk: add: r in /etc/samba/smb.conf
    Safety 994 2023-05-25 16:40:06
  • How are websites hijacked?
    How are websites hijacked?
    Network security is becoming increasingly severe. Webmaster friends have more or less encountered the experience of being hacked and hijacked. For friends who are honest and conscientious about their website, they have finally made some achievements, but they will be hijacked. It’s back to before liberation. In this issue, let’s discuss what are the common ways for websites to be hacked and hijacked? How to prevent and repair these risks? Turn on iis7 website monitoring to detect whether the website has been hijacked, DNS pollution, and whether the website has been hacked. , being attacked, having the title changed, and being linked to black links are also directions that we need to check. 1. Traffic hijacking 1.1 Whole site redirection This type of hijacking is relatively direct and easy to detect. Usually, this type of hijacker will achieve full success by loading js into the page or implanting code into the web server.
    Safety 1862 2023-05-25 14:57:26
  • How to display URL after link using CSS
    How to display URL after link using CSS
    Use CSS to display the URL after the link:after{content:"("attr(href)")";} What is cssscss is a computer language used to express file styles such as HTML or XML, mainly used to design web pages Style to make the web page more beautifying. It is also a language for defining style structures such as fonts, colors, positions, etc., and CSS styles can be stored directly in HTML web pages or separate style files, and the priority of style rules is determined by CSS based on this hierarchical structure, thus achieving Cascading effect, developed to this day, CSS can not only decorate web pages, but also format web pages with various scripts.
    Safety 1103 2023-05-25 12:25:21
  • How to set up mesh networking
    How to set up mesh networking
    Method for mesh networking settings 1. Turn on the mesh network device. 2. Click "Add" above. 3. Wait for the system to search by itself. 4. Select the mesh node routing, and then select the location you want to place it. 5. Just wait for the system to operate on its own.
    Safety 5165 2023-05-25 11:49:05
  • Example analysis of web file upload vulnerabilities
    Example analysis of web file upload vulnerabilities
    File upload function module The file upload function is an essential function for most WEB applications. Websites allow users to upload their own avatars, some social networking sites allow users to upload photos, some service websites require users to upload electronic files of supporting materials, and e-commerce websites Allow users to upload pictures to display product conditions, etc. However, the seemingly inconspicuous file upload function can pose huge security risks if security protection measures are not taken. Principle of the file upload vulnerability: When a user uploads a file in the file upload function module, if the WEB application does not effectively verify the security of the file during the file upload process, the attacker can attack the server by uploading malicious files such as WEBshell. Attack, in this case it is believed that the system has a file upload vulnerability.
    Safety 1443 2023-05-25 10:49:37
  • How to perform ipsec instructions and tunnel case analysis
    How to perform ipsec instructions and tunnel case analysis
    1. Introduction to IPSEC IPSec includes security protocol (SecurityProtocol) and key exchange protocol (IKE). It was developed by IETF (Internet Engineering Task Force) and can provide access control, connectionless integrity, and data source for both communicating parties. A general term for a series of network security protocols that provide services such as authentication, anti-replay, encryption, and data flow classification and encryption. The security protocols include AH (Header Authentication Protocol) and ESP (Security Encapsulation Payload); and IKE is a network security protocol based on ISAKMP. (InternetSecurityAssociationandKeyMana
    Safety 1034 2023-05-25 09:50:40
  • How to do URL filtering
    How to do URL filtering
    URL filtering 1 creates a class-map (class map) to identify transmission traffic. First, the network segment of the intranet. Second, define a regular expression to determine the (domain name) keyword contained in the URL. Third, check the IP message header to see if it is http traffic. 2 Create a policy-map (policy map) and associate class- map either allows the connection or drops the connection. Usually the policy is applied to the inside (inbound) interface. Only one policy map can be applied to an interface. 3. Apply class-map to the interface. -------------------------------------------------- ------------------
    Safety 2083 2023-05-25 08:55:05
  • How to reasonably use DNSLOG to conduct echo-free security testing
    How to reasonably use DNSLOG to conduct echo-free security testing
    When actually testing the security issues of some websites, there is no response after execution of some test commands. We can write scripts to perform blind injection, but some websites will block our IP address, so we can set up an IP proxy Pool solution, but blind injection is often very inefficient, so DNSlog injection is produced. Before using dnslog, we need to understand the backtick symbol: Symbol: `Name: backtick, upper delimiter position: backtick, this character is generally in the upper left corner of the keyboard, to the left of the number 1, do not confuse it with single quotes Function: The string enclosed in backticks is interpreted by the shell as a command line. When executed, the shell first executes the command line and replaces the entire backticks with its standard output result.
    Safety 1902 2023-05-25 08:04:29
  • How to get started quickly with Nmap
    How to get started quickly with Nmap
    1. Install https://nmap.org/ without going into too much detail. 2. Target machine construction. The target machine used in this article is OWASPBrokenWebApplicationsProject https://sourceforge.net/projects/owaspbwa/ Target machine address 1: 192.168.154.128 target machine address 2: 192.168.3.73. Command line C:\Users\Torjan>nmap--helpNmap7.80(https://nmap.org)Usage:nmap[ScanType(s)][Options]{tar
    Safety 1185 2023-05-24 23:37:14
  • Example analysis of discovering Google Cloud Platform vulnerabilities and receiving bounty
    Example analysis of discovering Google Cloud Platform vulnerabilities and receiving bounty
    The following tells the story of a 17-year-old Uruguayan high school student who was interested in information security. Through study and research, he independently discovered a vulnerability in the Google Cloud Platform and received $7,500 (previously, he had discovered a Google host header leak vulnerability worth $10,000). Before talking about the specific details of this vulnerability, I hope readers have some understanding of Google Cloud services and API mechanisms, and can first familiarize themselves with several related concepts. Leading Concept Google runs a management service called Google Service Management, through which Google manages the internal and external interfaces of various application Google systems and cloud services created by users. Under GoogleServiceManagement, users can
    Safety 1124 2023-05-24 22:07:40
  • What are the steps for computer network troubleshooting?
    What are the steps for computer network troubleshooting?
    (1.) Ping127.0.0.1 (If it fails, it means there is a hardware problem. Check whether the network card is installed correctly.) (2.) Ping your local IP (If it fails, it means that TCP/IP is not set correctly. Check if the IP The settings are correct, and confirm that they are not blocked by the firewall) (3) Ping gateway (number) (unavailable, indicating that the main import and export routers in the network environment are faulty or have incorrect settings, causing packets to be unable to enter and exit, and thus unable to connect to other servers) ) (4) Ping the gateway (domain name) (cannot work, it may be a DNS problem) (5) Ping the other party’s IP or website (cannot work, it means there is a problem with the other party’s network server, it may be temporarily shut down or the server is faulty, the reason for the failure is with you irrelevant)
    Safety 1104 2023-05-24 21:46:04
  • How to build SOAR
    How to build SOAR
    Companies considering purchasing a security orchestration, automation, and response (SOAR) solution often worry that their existing incident response programs are not yet mature enough to implement a comprehensive platform with automation and orchestration capabilities. Starting from scratch can seem overwhelming when you have almost no foundation, especially if no one on the team has experience with incident response or security orchestration solutions. Although no one wants to just add automation to an inefficient process, it is obviously unscientific to further consolidate this old way of handling security incidents if the old method itself is no longer good enough. If you want to improve your company's security operations but don't know where to start, the following steps may help you prepare to move to a SOAR platform. 1. Take stock of the current operating conditions and think that you do not
    Safety 959 2023-05-24 20:06:17

Tool Recommendations

jQuery enterprise message form contact code

jQuery enterprise message form contact code is a simple and practical enterprise message form and contact us introduction page code.
form button
2024-02-29

HTML5 MP3 music box playback effects

HTML5 MP3 music box playback special effect is an mp3 music player based on HTML5 css3 to create cute music box emoticons and click the switch button.

HTML5 cool particle animation navigation menu special effects

HTML5 cool particle animation navigation menu special effect is a special effect that changes color when the navigation menu is hovered by the mouse.
Menu navigation
2024-02-29

jQuery visual form drag and drop editing code

jQuery visual form drag and drop editing code is a visual form based on jQuery and bootstrap framework.
form button
2024-02-29

Organic fruit and vegetable supplier web template Bootstrap5

An organic fruit and vegetable supplier web template-Bootstrap5
Bootstrap template
2023-02-03

Bootstrap3 multifunctional data information background management responsive web page template-Novus

Bootstrap3 multifunctional data information background management responsive web page template-Novus
backend template
2023-02-02

Real estate resource service platform web page template Bootstrap5

Real estate resource service platform web page template Bootstrap5
Bootstrap template
2023-02-02

Simple resume information web template Bootstrap4

Simple resume information web template Bootstrap4
Bootstrap template
2023-02-02

Cute summer elements vector material (EPS PNG)

This is a cute summer element vector material, including the sun, sun hat, coconut tree, bikini, airplane, watermelon, ice cream, ice cream, cold drink, swimming ring, flip-flops, pineapple, conch, shell, starfish, crab, Lemons, sunscreen, sunglasses, etc., the materials are provided in EPS and PNG formats, including JPG previews.
PNG material
2024-05-09

Four red 2023 graduation badges vector material (AI EPS PNG)

This is a red 2023 graduation badge vector material, four in total, available in AI, EPS and PNG formats, including JPG preview.
PNG material
2024-02-29

Singing bird and cart filled with flowers design spring banner vector material (AI EPS)

This is a spring banner vector material designed with singing birds and a cart full of flowers. It is available in AI and EPS formats, including JPG preview.
banner picture
2024-02-29

Golden graduation cap vector material (EPS PNG)

This is a golden graduation cap vector material, available in EPS and PNG formats, including JPG preview.
PNG material
2024-02-27

Home Decor Cleaning and Repair Service Company Website Template

Home Decoration Cleaning and Maintenance Service Company Website Template is a website template download suitable for promotional websites that provide home decoration, cleaning, maintenance and other service organizations. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-05-09

Fresh color personal resume guide page template

Fresh color matching personal job application resume guide page template is a personal job search resume work display guide page web template download suitable for fresh color matching style. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-29

Designer Creative Job Resume Web Template

Designer Creative Job Resume Web Template is a downloadable web template for personal job resume display suitable for various designer positions. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28

Modern engineering construction company website template

The modern engineering and construction company website template is a downloadable website template suitable for promotion of the engineering and construction service industry. Tip: This template calls the Google font library, and the page may open slowly.
Front-end template
2024-02-28