httpoxy漏洞的一些整理
2016-07-19 00:00
471 查看
一个MIMT漏洞,或许特殊场景能够发现出特殊的效果。
官网 https://httpoxy.org/
httpoxy poc https://github.com/httpoxy
生动形象 https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
什么是httpoxy https://medium.com/@nzdominic/what-is-httpoxy-65a33a8a1f4d
介绍是如何发现httpoxy这个漏洞的 https://medium.com/@nzdominic/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71#.7juwhx49s
非常不错 含测试脚本/修补建议和相关原理分析 https://access.redhat.com/security/vulnerabilities/httpoxy
http://seclists.org/oss-sec/2016/q3/94
reddit上的相关讨论,作者现身 https://www.reddit.com/r/netsec/comments/4tfc4k/httpoxy_a_cgi_application_vulnerability_for_php/
https://www.apache.org/security/asf-httpoxy-response.txt
https://news.ycombinator.com/item?id=12115051 hacknews
类似心脏出血重大漏洞的公布站点 https://github.com/KeenRivals/Bugsite-Index
鸟哥的分析说明贴:http://www.laruence.com/2016/07/19/3101.html
乌云zone的一些讨论:zone.wooyun.org/content/28537
官网 https://httpoxy.org/
httpoxy poc https://github.com/httpoxy
生动形象 https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
什么是httpoxy https://medium.com/@nzdominic/what-is-httpoxy-65a33a8a1f4d
介绍是如何发现httpoxy这个漏洞的 https://medium.com/@nzdominic/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71#.7juwhx49s
非常不错 含测试脚本/修补建议和相关原理分析 https://access.redhat.com/security/vulnerabilities/httpoxy
http://seclists.org/oss-sec/2016/q3/94
reddit上的相关讨论,作者现身 https://www.reddit.com/r/netsec/comments/4tfc4k/httpoxy_a_cgi_application_vulnerability_for_php/
https://www.apache.org/security/asf-httpoxy-response.txt
https://news.ycombinator.com/item?id=12115051 hacknews
类似心脏出血重大漏洞的公布站点 https://github.com/KeenRivals/Bugsite-Index
鸟哥的分析说明贴:http://www.laruence.com/2016/07/19/3101.html
乌云zone的一些讨论:zone.wooyun.org/content/28537
相关文章推荐
- HTTPoxy
- 网络协程编程
- 深度学习实战——caffe windows 下训练自己的网络模型
- 网络CCNA基础了解
- LAMP 搭建和压力测试
- 关于ELM
- workerman新增tcp端口支持app socket通信
- 网络编程+多线程实现简单的聊天室功能
- luogu2038[NOIP2014 T4]无线网络发射器选址
- luogu2038[NOIP2014 T4]无线网络发射器选址
- gethostbyname()函数详解
- 数据接收之环形缓冲 TCP粘包处理-RingBuf方法
- ubuntu配置网络
- HTTP 204和205的应用
- Windows 下 Apache HTTP Server 安装、配置以及与 Tomcat 的整合(附图)
- 从网络获取文件
- [网络流]poj1698 Alice's chance
- 学校实验室交换机上网,没有自动拨号时的设置
- 网络游戏分类
- Android 4.4 Kitkat 使能有线网络 Ethernet