Comunicati Stampa

Cyber ​​​​attack: nws yog dab tsi, nws ua haujlwm li cas, lub hom phiaj thiab yuav tiv thaiv nws li cas: XSS kab uas tuaj yeem ua rau lub kaw lus kaw

xss cross-site scripting

Niaj hnub no peb pom qee qhov Cross Site Scripting (XSS) qhov tsis zoo uas pom nyob rau hauv qee qhov kev siv qhib, thiab uas tuaj yeem ua rau kev ua haujlwm ntawm cov chaw taws teeb.

Cov kws tshaj lij cybersecurity tau tshaj tawm cov ntaub ntawv ntawm peb qhov chaw sib sau ua ke (XSS) qhov tsis zoo hauv cov ntawv thov qhib nrov uas tuaj yeem ua rau kev ua txhaum cai nyob deb (RCE).

Kev tawm tsam XSS thaum ntxov tso cai rau tus neeg ua yeeb yam hem thawj JavaScript code kom raug tua hauv tus neeg raug tsim txom lub vev xaib browser, uas qhib lub qhov rooj rau cov khoom qab zib tub sab, xa mus rau qhov chaw phishing, thiab ntau ntxiv.

Tam sim no cia peb saib qee qhov tsis zoo uas pom

Cross-Site Scripting (XSS) yog ib qho kev tawm tsam ntau tshaj plaws hauv web apps.Yog tias tus neeg ua phem hem thawj siv javascript code hauv app cov zis, nws tsis tsuas yog nyiag cov ncuav qab zib, tab sis kuj qee zaum ua rau muaj kev cuam tshuam tag nrho ntawm cov tshuab.

Evolution CMS V3.1.8

Thawj kab laum, Evolution CMS V3.1.8, tso cai rau tus neeg nyiag nkas tso tawm qhov cuam tshuam XSS ntawm ntau qhov chaw hauv ntu kev tswj hwm. Aleksey Solovev hais tias nyob rau hauv qhov kev tshwm sim ntawm kev ua tiav kev tawm tsam ntawm tus neeg saib xyuas kev tso cai hauv lub kaw lus, cov ntaub ntawv index.php yuav raug sau dua nrog cov lej uas tus neeg tawm tsam muab tso rau hauv lub payload.

FUD Rooj Sib Tham v3.1.1

Qhov thib ob qhov tsis zoo, pom hauv FUDForum v3.1.1, tuaj yeem tso cai rau tus neeg nyiag nkag los tso tawm XSS nres. Aleksey Solovev hais tias FUDforum yog lub rooj sib tham ceev ceev thiab loj tuaj. Nws yog customizable heev thiab txhawb unlimited cov tswv cuab, forums, posts, topics, polls, thiab attachments.

FUDforum tswj vaj huam sib luag muaj tus neeg saib xyuas cov ntaub ntawv uas tso cai rau koj xa cov ntaub ntawv mus rau lub server, suav nrog cov ntaub ntawv nrog PHP txuas ntxiv. Tus neeg tawm tsam tuaj yeem siv archived XSS los xa cov ntaub ntawv PHP uas tuaj yeem ua tiav ib qho lus txib ntawm lub server.

Bitbucket v4.37.1

Nyob rau hauv qhov tseeb qhov tsis txaus ntseeg, Bitbucket v4.37.1, muaj kab mob kev ruaj ntseg tau pom tias tuaj yeem tso cai rau tus neeg tawm tsam los tua XSS nres hauv ntau qhov chaw. Aleksey Solovev tau hais tias muaj qhov archived XSS nres tuaj yeem sim siv nws los ua cov cai ntawm lub server. Lub vaj huam sib luag admin muaj cov cuab yeej los khiav SQL queries.

GitBucket siv H2 Database Cav los ntawm lub neej ntawddefintua. Rau cov ntaub ntawv no, muaj kev siv pej xeem siv los ua kom tiav cov lej ua haujlwm nyob deb. Yog li, txhua tus neeg tawm tsam yuav tsum ua yog tsim PoC code raws li qhov kev siv no, upload nws mus rau qhov chaw cia khoom, thiab siv nws thaum muaj kev tawm tsam:

Yuav ua li cas tiv thaiv qhov muaj qhov tsis zoo

Ib txwm hloov kho Open Source platform, tam sim ntawd nruab ib qho kev kho thaj ua rau thaj.

Nug cov lus qhia, kev ntsuam xyuas, kev kwv yees yuav ua li cas kom ruaj ntseg koj lub cev.

Innovation tsab ntawv xov xwm
Tsis txhob nco cov xov xwm tseem ceeb tshaj plaws ntawm kev tsim kho tshiab. Sau npe kom tau txais lawv los ntawm email.
Kev soj ntsuam kev nyab xeeb

Nws yog cov txheej txheem tseem ceeb rau kev ntsuas koj lub tuam txhab qib kev ruaj ntseg tam sim no.

Ua li no nws yog ib qho tsim nyog yuav tsum koom nrog pawg Cyber ​​​​Team npaj kom txaus, muaj peev xwm ua tiav kev soj ntsuam ntawm lub xeev uas lub tuam txhab pom nws tus kheej nrog rau IT kev ruaj ntseg.

Kev tsom xam tuaj yeem ua tiav synchronously, los ntawm kev xam phaj ua los ntawm Cyber ​​​​Team lossis

kuj asynchronous, los ntawm kev sau daim ntawv nug hauv online.

Peb tuaj yeem pab koj, tiv tauj cov kws tshaj lij ntawm ilwebcreativo.nws sau rau info@ilwebcreativo.it lossis los ntawm kev sib tham ntawm whatsapp ncaj qha siv lub cim ntawm sab xis hauv qab.

SECURITY WEB MONITORING: tsom xam ntawm DARK WEB

Lub vev xaib tsaus yog hais txog cov ntsiab lus ntawm World Wide Web hauv darknets uas tuaj yeem ncav cuag hauv Is Taws Nem los ntawm cov software tshwj xeeb, teeb tsa thiab nkag mus.
Nrog peb Kev Saib Xyuas Kev Ruaj Ntseg Hauv Web peb tuaj yeem tiv thaiv thiab muaj kev tawm tsam cyber, pib los ntawm kev txheeb xyuas lub tuam txhab sau npe (piv txwv li: ilwebcreativo.it ) thiab tus kheej e-mail chaw nyob.

Tiv tauj peb ntawm vhatsapp, peb tuaj yeem npaj cov phiaj xwm daws teeb meem kom cais tawm qhov kev hem thawj, tiv thaiv nws kev sib kis thiab defipeb ua qhov tsim nyog kho. Kev pabcuam yog muab 24/XNUMX los ntawm Ltalis

CYBERDRIVE: daim ntawv thov ruaj ntseg rau kev sib koom thiab kho cov ntaub ntawv

CyberDrive yog tus tswj hwm cov ntaub ntawv huab nrog cov qauv kev nyab xeeb siab ua tsaug rau kev ywj pheej ntawm txhua cov ntaub ntawv. Ua kom muaj kev ruaj ntseg ntawm cov ntaub ntawv koom nrog thaum ua haujlwm hauv huab thiab sib qhia thiab kho cov ntaub ntawv nrog lwm tus neeg siv. Yog tias qhov kev twb kev txuas ploj lawm, tsis muaj cov ntaub ntawv khaws cia ntawm tus neeg siv lub PC. CyberDrive tiv thaiv cov ntaub ntawv los ntawm kev ploj vim yog kev puas tsuaj los yog raug nyiag los ntawm lub cev lossis digital.

"Lub CUBE": lub revolutionary daws

Qhov tsawg tshaj plaws thiab muaj zog tshaj plaws nyob rau hauv-ib-lub thawv datacenter muab kev suav lub zog thiab kev tiv thaiv los ntawm kev puas tsuaj rau lub cev thiab cov laj thawj. Tsim los rau kev tswj cov ntaub ntawv nyob rau hauv ntug thiab robo ib puag ncig, khw muag khoom ib puag ncig, chaw ua haujlwm tshaj lij, chaw ua haujlwm nyob deb thiab cov lag luam me uas qhov chaw, nqi thiab kev siv hluav taws xob yog qhov tseem ceeb. Nws tsis xav tau cov chaw zov me nyuam thiab cov khoom khib nyiab. Nws tuaj yeem muab tso rau hauv txhua yam ntawm ib puag ncig ua tsaug rau qhov cuam tshuam zoo nkauj hauv kev sib raug zoo nrog cov chaw ua haujlwm. "Lub Cube" muab kev lag luam software technology ntawm kev pabcuam ntawm cov lag luam me thiab nruab nrab.

Leej twg daws:

Txhawm rau tshawb xyuas cov teeb meem kev nyab xeeb, daws qhov tsis zoo, kom ruaj ntseg koj cov ntaub ntawv, ib txwm cia siab rau cov kws tshaj lij hauv kev lag luam:

  • Hu xov tooj HRC srl + 39 011 8190569
  • lossis xa email rau Rocco D'Agostino rda@rhrcsrl.it
  • los yog xa email rau Ercole Palmeri ercolep@ilwebcreativo.it

Lub lim tiam dhau los no peb tau hais txog cov ncauj lus hauv qab no hais txog Cyber ​​​​Security:

  1. Qhov tseem ceeb hauv Middle Attack
  2. malware
  3. Phishing thiab Spear phishing
  4. Attack nrog Interception
  5. Tsav-los ntawm
  6. Cross-site scripting (XSS)
  7. SQL Txhaj tshuaj tiv thaiv
  8. Malware kis piv txwv
  9. Google Drive & Dropbox: Lub Hom Phiaj ntawm APT29, Lavxias teb sab Hackers sau
  10. Attack rau Passwords
  11. Cyber ​​​​Attack Trends: Thawj Ib Nrab Tshaj Qhia 2022 - Check Point Software

Ercole Palmeri: Innovation addicted

​  

Innovation tsab ntawv xov xwm
Tsis txhob nco cov xov xwm tseem ceeb tshaj plaws ntawm kev tsim kho tshiab. Sau npe kom tau txais lawv los ntawm email.
Tags: antivirushnub yug tuacyber attackcyber nressib tham isthawmnev hais kev ruaj ntsegcybersecurity tutorialsgoogle themmalwareIT kev ruaj ntsegcomputer kev ruaj ntsegtutorialvpnxws
Peb 3, 2022 10:34 PM

Tsis ntev los no cov khoom

Google qhov kev txawj ntse tshiab tuaj yeem ua qauv DNA, RNA thiab "tag nrho cov molecules ntawm lub neej"

Google DeepMind tab tom qhia txog kev txhim kho ntawm nws cov qauv kev txawj ntse. Tus qauv txhim kho tshiab tsis yog tsuas yog…

9 Tej zaum 2024

Tshawb nrhiav Laravel's Modular Architecture

Laravel, nto moo rau nws cov lus sib xyaw ua ke zoo nkauj thiab cov yam ntxwv muaj zog, kuj muab lub hauv paus ruaj khov rau cov qauv tsim qauv. Nyob ntawd…

9 Tej zaum 2024

Cisco Hypershield thiab tau txais ntawm Splunk Lub sijhawm tshiab ntawm kev ruaj ntseg pib

Cisco thiab Splunk tab tom pab cov neeg siv khoom nrawm lawv txoj kev mus rau Lub Chaw Haujlwm Saib Xyuas Kev Ruaj Ntseg (SOC) ntawm lub neej yav tom ntej nrog…

8 Tej zaum 2024

Tshaj tawm ntawm kev lag luam: tus nqi tsis paub tseeb ntawm ransomware

Ransomware tau tshaj tawm xov xwm rau ob xyoos dhau los. Cov neeg feem coob yeej paub zoo tias kev tawm tsam…

6 Tej zaum 2024

Kev cuam tshuam tshiab hauv Augmented Reality, nrog Apple tus saib ntawm Catania Polyclinic

Kev lag luam ophthalmoplasty siv Apple Vision Pro coj mus muag saib tau ua ntawm Catania Polyclinic…

3 Tej zaum 2024

Cov txiaj ntsig ntawm Coloring nplooj ntawv rau menyuam yaus - lub ntiaj teb ntawm kev ua khawv koob rau txhua tus neeg

Tsim kom muaj kev txawj tsav tsheb zoo los ntawm kev pleev xim npaj cov menyuam yaus rau kev txawj ntse ntau dua li kev sau ntawv. Rau xim…

2 Tej zaum 2024

Lub neej yav tom ntej nyob ntawm no: Yuav ua li cas Kev Lag Luam Shipping yog Revolutionizing Ntiaj Teb Kev Lag Luam

Kev lag luam naval yog lub zog kev lag luam thoob ntiaj teb tiag tiag, uas tau taug kev mus rau 150 billion kev lag luam ...

1 Tej zaum 2024

Cov tshaj tawm thiab OpenAI kos npe rau daim ntawv cog lus los tswj kev khiav ntawm cov ntaub ntawv ua tiav los ntawm Artificial Intelligence

Hnub Monday dhau los, Lub Sijhawm Nyiaj Txiag tau tshaj tawm kev pom zoo nrog OpenAI. FT tso cai nws cov ntawv xov xwm thoob ntiaj teb…

30 Plaub Hlis 2024

Nyeem Innovation hauv koj hom lus

Innovation tsab ntawv xov xwm
Tsis txhob nco cov xov xwm tseem ceeb tshaj plaws ntawm kev tsim kho tshiab. Sau npe kom tau txais lawv los ntawm email.

Ua raws li peb

Tsis ntev los no cov khoom

lossis

cov khoom noj cyber attack blockchain sib tham chatgpt ua huab huab xam Cov ntsiab lus Marketing cyber nres sib tham isthawmnev hais kev ruaj ntseg neeg siv khoom txoj cai eCommerce ib enea kev tsim kho tshiab gianfranco fedele google cawv innovation nyiaj txiag innovation nce ntxiv qhov kev hloov pauv kev kho mob innovation innovation sustainability Kev tsim thev naus laus zis txoj kev ntse IOT laravel tshuab Kawm metaverse microsoft nft php teb Robotics seo SERP software software tsim software txoj kev loj hlob software Engineering sustainability pib thales tutorial vpn Web3