PMAT-labs - Labs For Practical Malware Analysis And Triage

Welcome to the labs for Practical Malware Analysis & Triage. WARNING Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course PMAT. These samples are either written to emulate common malware characteristics or a...

FCKeditor connectors模块多个跨站脚本及目录遍历漏洞

CVECAN ID: CVE-2009-2324,CVE-2009-2265 FCKeditor是一款开放源码的HTML文本编辑器。 FCKeditor没有正确地验证用户对多个connector模块所传送的输入，远程攻击者可以利用samples目录中的组件注入任意脚本或HTML，或通过目录遍历攻击上传恶意文件。 FCKeditor = 2.6.4 从editor\filemanager\connectors中删除不使用的连接器 在config.ext中禁用文件浏览器 完全删除samples目录 厂商补丁： FCKeditor ---------...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples aka samples directory...

CVE-2009-2324

Multiple cross-site scripting XSS vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples aka samples directory...