Local File Disclosure using SQL Injection
SQL Injection, AKA the mother of hacking, is one of the notorious and well-known vulnerabilities that has caused a lot of damage to the cyber world. Researchers have published a lot of material on different exploitation techniques for conducting various types of attacks, including accessing data stored in a database, reading/writing code from/to the server using load and into outfile in MySQL, and performing command execution using the SA account in MSSQL.
In this paper, we are going to exploit an SQL Injection vulnerability in a file download function which downloads a file from the server on the basis of the output returned by a vulnerable SQL query.
2018-05-29
securing_webgoat_using_modsecurity
ModSecurity is an open source web application firewall that can work either embedded in an Apache web server or as a reverse proxy. The new features in version 2.0 and version 2.5 (released in February 2008) allow for a highly configurable capability that can address vulnerabilities (e.g. discovered during black-box penetration testing) on a per-application basis. ModSecurity provides for free a broad set of generic Core Rulesets that cover areas such as protocol compliance, malicious client software detection, XML protection, error detection, and generic attack detection ("Detect application level attacks such as described in the OWASP top 10"). However, the Core Set rule documentation (see README in modsecurity-core-rules_2.5-1.6.0.tar.gz) cautions that since attackers may examine the freely-available core rules to get around them, some core rules should be viewed more as a "nuisance reduction" mechanism instead of a security mechanism.
2018-05-29
[MapReduce.Design.Patterns(2012.11)].Donald.M
2013-02-01
Hadoop in Practice
Doug Cutting, Hadoop’s creator, likes to call Hadoop the kernel for big data, and I’d
tend to agree. With its distributed storage and compute capabilities, Hadoop is fundamentally
an enabling technology for working with huge datasets. Hadoop, to me, provides
a bridge between structured (RDBMS) and unstructured (log files, XML, text)
data, and allows these datasets to be easily joined together. This has evolved from traditional
use cases, such as combining OLTP and log files, to more sophisticated uses,
such as using Hadoop for data warehousing (exemplified by Facebook) and the field
of data science, which studies and makes new discoveries about data.
This book collects a number of intermediary and advanced Hadoop examples and
presents them in a problem/solution format. Each of the 85 techniques addresses a
specific task you’ll face, like using Flume to move log files into Hadoop or using
Mahout for predictive analysis. Each problem is explored step by step and, as you work
through them, you’ll find yourself growing more comfortable with Hadoop and at
home in the world of big data.
This hands-on book targets users who have some practical experience with
Hadoop and understand the basic concepts of MapReduce and HDFS. Manning’s
Hadoop in Action by Chuck Lam contains the necessary prerequisites to understand
and apply the techniques covered in this book.
Many techniques in this book are Java-based, which means readers are expected to
possess an intermediate-level knowledge of Java. An excellent text for all levels of Java
users is Effective Java, Second Edition, by Joshua Bloch (Addison-Wesley, 2008).
2013-02-01
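MongoDB Applications
1. Introduction to MongoDB
MongoDB is a document-oriented database system. It is written in C++ and does not support SQL, but it has its own powerful query syntax.
MongoDB uses BSON as its format for data storage and transfer. BSON is a JSON-like binary serialized document format that supports nested objects and arrays.
MongoDB is much like MySQL: a document corresponds to a MySQL row, and a collection corresponds to a MySQL table.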
2012-05-04
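The Definitive Guide to SQLite (《SQLite权威指南》)
Title:
Chinese title: 《SQLite权威指南》
English title: The Definitive Guide to SQLite
Publication date: 2006-05-25
Pages: 463
ISBN: 1-59059-673-0
Language: English
Format: PDF
Synopsis: Traditional relational databases and embedded databases both have a shortcoming that perplexes developers. For many people, the solution lies in SQLite, an open source embedded database with an amazingly small footprint (less than 250 kilobytes). SQLite packs a powerful array of features and can handle databases as large as 2 terabytes.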
2010-01-19
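SQL Syntax of SQLite
The SQLite library can parse most of the standard SQL language. However, it also omits some features and adds some new ones of its own. This document attempts to describe which SQL syntax SQLite does and does not support.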
2009-12-25
HTML, CSS, and JavaScript Syntax Quick Reference
CSS syntax table
HTML syntax table
HTML language reference
JavaScript syntax table
2009-11-14
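A Simple, Practical Software Test Record Form
A software test record form, simple and practical.
The template is briefly copied below:
Fault and Issue Record
Front-End System Debugging/Test Record Form
No.: 1
Date: 2009-10-27
System name: Front-end system (portal website) http://192.168.2.133/csta
On-site environment: 1. Hardware and software environment of the running system
Operating system version: Microsoft Windows Server 2003 R2 Enterprise Edition SP1
Memory: 1.0G
JDK: jdk1.6.0_16
TOMCAT: apache-tomcat-6.0.20
SQL: Version: 8.0
2. Hardware and software environment of the test machine (browser version)
Operating system version: XXX
Memory: XXX
Browser version: XXX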
2009-10-28
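CVSNT2.5.03 User Manual
Installing CVSNT
Configuring the CVSNT server
Adding CVS users
Adding a CVS administrator
Disabling pserver to improve security
Managing pserver and sserver users
Using the SSPI protocol
Fine-tuning
User access to CVS
Using spaces in CVSNT
Afterword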
2009-10-27