Vulhub vulnerability series: Atlas confluence path traversal and Command Execution Vulnerability (CVE-2019-3396)
00. Preface This article will introduce and reproduce the vulnerability, and briefly explain the use of Vulhub. It is suitable for Xiaobai to learn together, and it's good for big guys to have a look ☺ 01. Introduction to atlassian confluence Atlassian Confluence (Confluence) is a professionalUTF-8...
Posted by e11rof on Fri, 21 May 2021 07:34:20 +0930
Android virtual sports running based on Frida HOOK sensor
Android virtual sports running based on Frida HOOK sensor (running environment: WIN10 + Pythom 3.6) As we all know, Android HOOK is very powerful, so one day, I suddenly wondered if I could dynamically HOOK Android sensor functions to achieve pseudo motion, so after consulting the data, I foundUTF-8...
Posted by bagpuss03 on Wed, 26 May 2021 02:55:34 +0930
linux kernel vulnerability authorization process
Core empowerment In the process of linux system vulnerability exploitation, the ultimate goal is to obtain the root permission of the target. In the process of penetration, sometimes some vulnerabilities can be used to obtain a low privilege user, and then try to raise the privilege to the rootUTF-8...
Posted by bhawap on Wed, 26 May 2021 05:04:51 +0930
10 common security vulnerabilities that programmers need to understand
preface In our daily development, many small partners tend to ignore the problem of security vulnerabilities, and think that as long as the normal implementation of business logic is OK. In fact, security is the most important thing. This article will learn common security vulnerabilities with UTF-8...
Posted by offnordberg on Fri, 28 May 2021 03:14:15 +0930
15-PHP code audit -- yii 2.0.37 deserialization vulnerability
Yii is a component-based high-performance PHP framework for developing large Web applications. There is a deserialization vulnerability in yii2 before 2.0.38. If the program calls unserialize() internally to deserialize, there may be a deserialization vulnerability in the program. Attackers canUTF-8...
Posted by Stalingrad on Mon, 07 Jun 2021 05:10:01 +0930
First contact penetration test
preface: The author of this paper received an authorized penetration test task, and needed to test the security of the app back-end server with an app as the entrance. Stage 1: IOS prison break After getting the corresponding authorization and downloading the specified app, we found that thereUTF-8...
Posted by jfourman on Thu, 08 Jul 2021 05:25:47 +0930
Super detailed MySQL function summary
MySQL string function functiondescribeexampleASCII(s)Returns the ASCII code of the first character of string s. Returns the ASCII code of the first letter of the CustomerName field: SELECT ASCII(CustomerName) AS NumCodeOfFirstChar FROM Customers; CHAR_LENGTH(s)Returns the number of characters iUTF-8...
Posted by Twysted on Sat, 24 Jul 2021 06:09:53 +0930
In a word, how to realize the Trojan horse? I'll show you now
preface For a long time, the Java Trojan horse has been implemented by entering the bytecode defineClass. The advantage of this method is that it can completely enter a class and realize almost all functions in Java. The disadvantage is that the Payload is too large and not as easy to modify asUTF-8...
Posted by smarlowe on Sat, 31 Jul 2021 06:39:07 +0930
PHP deserialization vulnerability so learn (fine)!
brief introduction To learn deserialization, you need to know the principle and function of serialization. Serialization is the process of converting the member variables of an object into strings that can be saved and transmitted, and deserialization is the process of converting the string intUTF-8...
Posted by shage on Sat, 14 Aug 2021 03:50:57 +0930
[duplicate jboss vulnerability] CVE-2017-7504 deserialization vulnerability + CVE-2017-12149 Arbitrary Code Execution Vulnerability + jmxinvokerservlet deserialization deserialization vulnerability
CVE-2017-7504 Jboss AS 4. In X and earlier versions, JbossMQ implements the HTTP serverilservlet in the JMS over HTTP Invocation Layer of the process A deserialization vulnerability exists in java files, which can be exploited by remote attackers to execute arbitrary code via specially crafted UTF-8...
Posted by snake310 on Sat, 18 Dec 2021 15:25:15 +1030