你见过的最糟糕的安全漏洞是什么?为了保护罪犯,限制细节可能是个好主意。
不管怎样,这里有一个关于如果你发现了安全漏洞该怎么办的问题,还有一个关于如果公司(似乎)没有回应该怎么办的问题。
你见过的最糟糕的安全漏洞是什么?为了保护罪犯,限制细节可能是个好主意。
不管怎样,这里有一个关于如果你发现了安全漏洞该怎么办的问题,还有一个关于如果公司(似乎)没有回应该怎么办的问题。
当前回答
有一个云渲染库的许可证是2500美元,在注册之前有有限的工作时间(比如一分钟)。评估演示可以无限地运行。在exe内容中搜索单词“demo”会显示“[产品名称]demo”和附近的十六进制符号字符串。是的,那是登录名和密码。
其他回答
将用户名列表以明文形式发送给浏览器以供JavaScript自动补全,还可以通过使用唯一的用户id调整URL查询字符串来查看用户数据,这可以从自动补全功能中收集到。
我最近看到的最大安全漏洞是iOS 4 (iPhone)的锁屏漏洞,允许任何人立即访问任何iPhone(打电话、地址簿、通话记录、照片)。
http://www.pcworld.com/article/208813/ios_4_lock_screen_security_flaw_grants_access_to_contacts.html
XSS是我喜欢在网站上找到的东西。
下面是我的发现日志的链接:
所有:http://xssed.com/archive/author=Dr.Optix
只有特色菜:http://xssed.com/archive/special=1/author=Dr.Optix/
祝你浏览愉快!
About 3 years ago I built a site for a somewhat large non-profit organization in our state. When it came time to deploy the application to their web host server, I noticed an odd file named "cc.txt" or something obvious like that in their public site. It was under their web root, was getting served, and was a csv file of all their donor's names, addresses, credit card numbers, expiration dates, and CVV/CVC codes. I cannot count the number of times I brought the issue up - first to my boss, then our company accountant, the client's IT director, finally the client's President. That was 3 years ago. The file is still being served, it can even be googled. And it's been updated. I tend not to respond to their donation solicitations when I get them.
1-800 dominos will give unlisted address's related to any target phone number. When prompted if you are calling about the phone number you called from select no. The system will prompt you for a new phone number, the system will then read back to you the name and address that's associated to this phone number. Enter in your target's phone number and you now have their name and address. This is pretty common with automated ordering systems and if dominos has fixed this there are literally hundreds more.