Location:
Search - web injection
Search list
Description: 亿众购物系统
一套设计完善、高效的web商城解决方案,独有SQL注入防范、对非法操作者锁定IP及记录功能,完整详细的记录了非法操作情况,管理员可以随时查看网站安全日志以及解除系统自动锁定的IP等
前台简介:
1)系统为会员制购物,无限会员级别。
2)会员自动升级、相应级别所享有的折扣不同。
3)产品可在缺货时自动隐藏。
4)自动统计所有分类中商品数量,并在商品分类后面显示。
5)邮件列表功能,可在线订阅商品讯息。
6)订单处理模块更合理、实用。
7)付款方式时实显示。
8)强大的查询功能,使顾客更快捷的找到感兴趣的商品。
9)完善的顾客服务功能:订单明细、消费情况、求购商品、修改资料、修改密码等。
10)商品销售排行榜,以销售量来评出最热销的商品。
11)商品促销排行榜,以优惠价格自动列出最优惠的商品。
12)网上支付接口采用“北京网银在线”支付。 -100 million people shopping system a well-designed and efficient web mall solutions unique to SQL injection to prevent the illegal operators and record locking IP functionality, complete detailed records of illegal operations, administrators can readily see website security log and lifting the automatic lock system IP prospects Profile : 1) system for membership shopping, unlimited-level members. 2) Member automatic updates, the corresponding level enjoyed by the different discount. 3) the shortage of products automatically hidden. 4) Automatic statistical classification of all goods number and classification of goods in the back shows. 5) the mailing list function, online subscription commodity message. 6) processing module orders more reasonable and practical. 7) Payment real-time displa
Platform: |
Size: 4126292 |
Author: 李军 |
Hits:
Description: 基于ASP+ACCESS+AJAX构建而成,程序界面以及功能高仿51收藏夹。
功能:
1、用户管理中心支持注册信息,修改密码。
2、注册用户时会自动添加网址分类与通讯录分类,以便添加网址及通讯录。
3、网址收藏与通讯录记录时可选择对应分类,分类修改采用JS显示。
4、收藏网址时可选择公开或私有,公开则允许被游客浏览。
5、记事本主要用于记录一些重要资料和事件备忘等,记事本信息不对外公开。
6、关于ACCESS数据库链接采用通用防SQL注入类函数,主要过滤SQL字符。
7、注册会员列表按全国省区域分类显示。
8、内置一套统一模板的多用户投票系统,独立数据库,由于未完善,暂不整合。
会员测试帐号:netsoz.com
会员测试密码:123456
-ASP-based ACCESS from AJAX Construction, program interface, and the functional imitation high 51 favorites. Functions : a user management center to support registration information, change passwords. 2, registered users will automatically add the classification and directories site classification, added to the web site and directory. 3, the website address book collections and the corresponding records can classify the changes adopted JS show. 4, the collection site choice in public or private, the public is allowed to visit the tourists. 5, mainly in the notebook to record important information and events, the releases, in the notebook of information not open to the public. 6, on the ACCESS database link to adopt a common defense SQL injection type function, filtering SQL main characters.
Platform: |
Size: 230817 |
Author: wang zhang |
Hits:
Description: asp+php注入工具,对网站安全检测,建站参考以及注入攻击有很大帮助-asp+ php injection tool for Web site security testing, injection attacks建站reference, as well as of great help
Platform: |
Size: 731136 |
Author: 李文 |
Hits:
Description: 扫描并检测网站中存在的漏洞,该程序能检测SQL注入漏洞,跨网站脚本攻击漏洞等一系列网站漏洞-Scanning and detection loopholes website, the program can detect SQL injection flaws, cross-site scripting attacks on a series of Web site vulnerabilities vulnerability
Platform: |
Size: 59392 |
Author: 厚墨 |
Hits:
Description: 这是国内首本在网站系统安全开发规范方面的应用手册,由动易软件安全工程师们耗时近6个月精心编制而成。手册基于.NET 2.0 的网站系统开发环境进行编写,共分为十三大项,30个小项,介绍了输入验证、输出编码、SQL注入、跨站脚本攻击、跨站请求伪造、越权操作、IO操作安全、缓存泄漏、系统加密、信息批漏、日志和监测、Web.config安全配置等方面的内容,并列明具体的防御手段和方法,从而为网站开发人员提供了一本深具实操性的工具书。
-This is the first site of the system security aspects of the development of standardized manuals and by PowerEasy time-consuming software security engineers are nearly 6 months meticulously prepared. Manual-based. NET 2.0 web site development environment for the preparation of the system is divided into 13 major and 30 small items, introduced input validation, output encoding, SQL injection, cross-site scripting attacks, cross-site request forgery, unauthorized operations, IO safe operation, cache leakage, the system encryption, information leakage approved, log and monitoring, Web.config security configuration and so the content and set out the specific means and methods of defense, so as to Web site developers is a great parade of the tool.
Platform: |
Size: 444416 |
Author: 老青 |
Hits:
Description: 本文挡主要探讨一些web代码安全里比较隐秘,容易被程序员忽视的问题.
主要内容:
二次攻击[Second attack]
类型1:通过文件系统函数漏洞转换
类型2:通过SQL注射漏洞转换
类型3:通过正则表达式中转变量
类型4:通过编码/解码中转变量
数组变量的魅力
Code与系统
Code与http协议
漏洞挖掘
-This article focused on retaining some web security code hidden in comparison, programmers easily overlooked. Main elements: the second attack [Second attack] type 1: the file system function through the loopholes in the conversion type 2: Adoption of SQL injection vulnerabilities conversion type 3: regular expressions transit through the variable type 4: Adoption of encoding/decoding interim array variable variable the charm of Code and System Code loophole mining agreement with the http
Platform: |
Size: 32768 |
Author: buzhidao |
Hits:
Description: pring.core 库是框架的基础, 提供依赖注入功能。spring.net中大多数类库依赖或扩展了spring.core的功能。iobjectfactory接口提供了一个简单而优雅的工厂模式,移除了对单例和一些服务定位stub写程序的必要。允许你将真正的程序逻辑的配置和依赖的详细情况解耦。作为对iobjectfactory 的扩展,iapplicationcontext接口也在spring.core库中,并且添加了许多企业应用为中心的功能,例如利用资源文件进行文本本地化、事件传播、资源加载等等。-pring.core library is the basis of the framework to provide dependency injection functionality. Most of spring.net or expanded library spring.core dependent functions. iobjectfactory interface provides a simple and elegant factory pattern, remove the single cases and a number of services targeting the procedures necessary to write stub. Allows you to program the logic of the real dependence on the configuration and details of the decoupling. Iobjectfactory as an extension of, iapplicationcontext also spring.core library interface, and add a number of enterprise applications-centric features, such as the use of resources to localize the text file, event dissemination, resource load and so on.
Platform: |
Size: 30178304 |
Author: 高照光 |
Hits:
Description: HDSI3.0的源代码,由delphi编写,用于分析网站而用 BY教主-HDSI3.0 the source code from delphi to prepare for the analysis of web sites and is available BY guru
Platform: |
Size: 823296 |
Author: 张张 |
Hits:
Description: 网站漏洞检测工具,用于检测网站是否存在攻击漏洞。-Website vulnerability detection tools for detecting the existence of vulnerabilities web site.
Platform: |
Size: 915456 |
Author: cany yang |
Hits:
Description: 基于JAVA的漏洞检测开源软件,可检测web网站的SQL注入和XSS漏洞。-JAVA-based open source vulnerability detection software, web sites can detect SQL injection and XSS vulnerabilities.
Platform: |
Size: 6024192 |
Author: yunzhong |
Hits:
Description: JSkyv1.0汉化版,Web漏洞的网站安全综合检测工具 :
SQL注入(SQL Injection ) 跨站脚本(XSS ) 不安全的对象引用(Unsecure object using ) 本地路径泄露(Local path disclosure ) 不安全的目录权限(Unsecure directory permissions ) 服务器漏洞如缓冲区溢出和配置错误(Server vulnerabilities like buffer overflow and configure error) 敏感目录和文件扫描(Possible sensitive directories and files scan ) 备份文件扫描(Backup files scan ) 源代码泄露(Source code disclosure ) 命令执行(Command Execute ) 文件包含(File Include ) Web木马后门(Web backdoor ) 敏感信息(Sensitive information ) -JSkyv1.0 Chinese Version, Web site security vulnerability detection tools integrated: SQL injection (SQL Injection) Cross-site scripting (XSS) secure the object reference (Unsecure object using) local path disclosure (Local path disclosure) insecure directory permissions (Unsecure directory permissions) server, such as buffer overflow vulnerabilities and configuration errors (Server vulnerabilities like buffer overflow and configure error) sensitive directory and file scanning (Possible sensitive directories and files scan) scan backup files (Backup files scan) source code leaked (Source code disclosure) command (Command Execute) file that contains (File Include) Web Trojan back door (Web backdoor) sensitive information (Sensitive information) and so on ......
Platform: |
Size: 6307840 |
Author: 李大海 |
Hits:
Description: PROTECTION AGAINST INPUT MANIPULATION VULNERABILITIES IN SERVICE ORIENTED
ARCHITECTURE
Thesis Submitted in partial fulfillment of the requirements for the degree of MASTER OF TECHNOLOGY in COMPUTER SCIENCE & ENGINEERING – INFORMATION SECURITY by DEEPAK D J
Keywords: Service Oriented Architecture, XML firewall, Web service Attack, Input
manipulation, Denial of service (DOS), XDOS, SQL Injection , SOAP, Web Service
Security.
Platform: |
Size: 920576 |
Author: BARBIESS |
Hits:
Description: web安全测试之SQL注入测试攻击,主要为前台攻击-SQL injection of the attack at the front desk
Platform: |
Size: 165888 |
Author: 柴婷婷 |
Hits:
Description: 数据在DataBase里,自己还原上去
你还得修改一下Security.config 文件里的数据库连接串,然后就可以编译运行了
本系统使用 IBatis.Net+ASP.NET MVC3.0+ExtJS实现,
并扩展IBatis.Net的缓存,支持分布式缓存Memcached,你自己可在Web.config中修改下自己的缓存服务器地址
把IBatis.Net 的缓存模式改成MEMCACHED就可以了,我想你应该多少了解一些IBatis.Net的缓存机制,这是我最喜欢它的地方
那我就不多说了
本系统并实现了·全局异常捕捉跟全局权限验证过滤,依赖注入,
你在Global.asax中,解开这行注释就可以了
ControllerBuilder.Current.SetControllerFactory(new LC.MVC.Web.Common.Authorization.BIDefaultControllerFactory(container))
另外所有的页面全都是用纯JS编写的,实现了组件式页面,通过JS来动态加载,
菜单也是动态加载的(可以实现后期的权限模块),你自己在数据库的Features表中可以看到
动态加载菜单类在/Scripts/Business/Core/layout.js中
可能还会有些小BUG,但我还没发现
如果你有发现或者有好的建议,可以跟我交流交流
52017126我的QQ,
这个是VS2010版本的,当然你还得装ASP.NET MVC3-Data in DataBase own restore up
You have to modify the database connection string Security.config file, then you can compile and run
The system uses IBatis.Net ASP.NET MVC3.0 ExtJS achieved
And extended cache of IBatis.Net, to support the distributed cache Memcached yourself in the Web.config to modify under its own cache server address
To the IBatis.Net the cache the mode changed MEMCACHED can, I think you should know how much some IBatis.Net caching mechanism, which is my favorite place
I will not say
The system and achieve · global exception capture filter validation with global permissions dependency injection,
Can you unlock the line comment in Global.asax
ControllerBuilder.Current.SetControllerFactory (new LC.MVC.Web.Common.Authorization.BIDefaultControllerFactory (container))
In addition, all the pages are all written in pure JS component page via JS to dynamically load
Menu is dynamically loaded (the permissions module) of late, you can see the Feat
Platform: |
Size: 12442624 |
Author: luocan |
Hits:
Description: Web application vulnerabilities have become a major concern in software security. This paper will present major attack patterns, i.e. SQL injection, cross-site scripting, cross-site request forgery, JavaScript hijacking, and DNS rebinding, together with a survey and assessment
of the countermeasures available to web application developers.
Platform: |
Size: 1156096 |
Author: nateko |
Hits:
Description: A simple PHP web site code,一个简单的PHP网站代码实现,实现了登录功能,方便演示SQL 注入攻击实验-A simple PHP website code, realize the login function, convenient demonstration of SQL injection attack experiment
Platform: |
Size: 2048 |
Author: 千羽飞鸟 |
Hits:
Description: Vulnerability detection tools are frequently
considered the silver-bullet for detecting vulnerabilities in web
services. However, research shows that the effectiveness of
most of those tools is very low and that using the wrong tool
may lead to the deployment of services with undetected
vulnerabilities. In this paper we propose a benchmarking
approach to assess and compare the effectiveness of
vulnerability detection tools in web services environments. This
approach was used to define a concrete benchmark for SQL
Injection vulnerability detection tools. This benchmark is
demonstrated by a real example of benchmarking several
widely used tools, including four penetration-testers, three
static code analyzers, and one anomaly detector. Results show
that the benchmark accurately portrays the effectiveness of
vulnerability detection tools and suggest that the proposed
approach can be applied in the field.
Platform: |
Size: 373760 |
Author: Maddy |
Hits:
Description: 1, site management
Site settings / foreground navigation settings / home ID call / home module switch / external call code /SQL, anti injection management / server detection
2, user management
Manage user / add user / integrator initialization / member press rank / data blank new /
3, content management
Add new information management / articles / articles / columns add a link category management / management information management information / all / Hongtouwenjian / add Hongtouwenjian * / * / annex management red head file management / set / IP / data management limited the empty
4, thematic link management
Thematic chain photo / Pop announcement management / floating picture management / home office picture
5, database management
Database backup Online
6, guestbook management
Message view / processing message / message category / related settings
7, voting management
Managing voting / adding votes
Platform: |
Size: 11600896 |
Author: yuzhe
|
Hits:
Description: 简单的端口扫描,nmap实现,ssh登录,网页注入,密码破解加密,等小脚本,功能简陋,仅供参考(Simple port scanning, nmap implementation, SSH login, web injection, password
cracking, encryption, and other small scripts, simple functions, for reference only)
Platform: |
Size: 6144 |
Author: The_Doc
|
Hits:
Description: 注入工具 web安全检测工具 sql注入工具 mssql mysql 源码(Injection tool web security detection tool SQL injection tool MSSQL MySQL source code)
Platform: |
Size: 382976 |
Author: 小小可明
|
Hits: