- 博客(27)
- 收藏
- 关注
RSS订阅原创 Talking about JSONP Hijacking Vulnerability
【代码】Talking about JSONP Hijacking Vulnerability。
2023-07-22 21:11:29
79
原创 LangChain Arbitrary Command Execution - CVE-2023-34541
【代码】LangChain Arbitrary Command Execution - CVE-2023-34541。
2023-07-21 18:23:10
85
原创 Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears
【代码】Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears。
2023-07-21 18:19:57
59
原创 Bypassing PHP WAF to Achieve Remote Code Execution In-Depth Analysis
Source:-/cfwaf.php?Source:-Let's try?
2023-07-21 18:15:04
60
原创 Auth.Tesla.com‘s Vulnerability Leads To Account Takeover of Internal Tesla Accounts
Source:-Timeline。
2023-05-11 03:33:27
194
原创 The Summary Of Spring Security Authorization Bypass on Java
【代码】The Summary Of Spring Security Authorization Bypass on Java。
2023-05-11 03:26:54
131
原创 Methods for Bypassing Authentication Vulnerabilities
Overviewa.username?Changedirectly。
2023-05-11 03:20:46
88
原创 Getting Started with the Internet of Vehicles Security - CAN Simulation
【代码】Getting Started with the Internet of Vehicles Security - CAN Simulation。
2023-05-11 03:08:22
56
原创 The Unbounded Loops Vulnerability: Denial of Service
An unbounded loop vulnerability is a type of security flaw that can occur in smart contracts when a loop does not have a defined maximum iteration limit. This means that the loop can continue to run indefinitely
2023-05-11 02:36:12
49
原创 An Introduction to Smart Contracts Hacking and Attacks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds.The smart contracts ecosystem is evolving rapidly, obtaini
2022-12-30 19:06:35
186
原创 An Unsafe Deserialization Vulnerability and Types of Deserialization
ImpactPreventiontestingPreventionReferencesysoserialPreventionWhere:ReferencesPreventionReferencesMDN — JSONs:27:”
2022-12-20 01:46:18
135
原创 A Talk about Logic Vulnerabilities of Android Components - Android Security
Anyone who has been in contact with Android should have heard of the "major components". The first thing to learn when developing an application is the life cycle of each component. The so-called four major components refer to Activity, Service, Broadcast
2022-11-21 23:50:53
1214
原创 A Brief Introduction to SAML Security Vector
A Brief Introduction to SAML Security Vector。
2022-11-21 23:46:02
4626
原创 A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters。
2022-11-08 15:31:51
140
原创 A Remote Code Execution in JXPath Library (CVE-2022-41852)
critical vulnerability with the identifier CVE-2022-41852. This vulnerability affects a Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability.
2022-10-29 02:32:24
128
原创 The Blind Exploits To Rule Watchguard Firewalls Vulnerabilities
WatchGuard firewalls have been under attack multiple times, most notably by the Russian APT Sandworm and their malware, Cyclops Blink. Over the course of 4 months, the editor released three firmware updates, patching numerous critical vulnerabilities.
2022-10-27 22:50:07
376
原创 The Various Utilization Methods of PHP Serialization & Deserialization
To facilitate data storage, php usually converts data such as arrays into serialized form for storage, so what is serialization? Serialization is actually conver
2022-10-25 19:00:40
529
原创 A Talk About Java Serialization and Deserialization
A Talk About Java Serialization and Deserialization
2022-10-25 18:21:36
188
原创 A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
2022-10-25 17:54:17
439
原创 A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
2022-10-25 17:36:40
600
转载 An Open Source apps Leads to XSS to RCE Vulnerability Flaws
【代码】An Open Source app leads to XSS to RCE Vulnerability Flaws。
2022-10-25 16:43:13
82
原创 Turning cookie - based XSS into account takeover
Turning cookie - based XSS into account takeover
2022-10-21 00:13:25
702
原创 The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems
【代码】The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems。
2022-10-21 00:02:08
417
原创 Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl
转存失败重新上传取消转存失败重新上传取消。
2022-10-20 03:00:20
90
原创 Android Security : A Checklist For Exploiting WebView
【代码】Android Security : A Checklist For Exploiting WebView。WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors. If it
2022-10-20 02:06:32
710
原创 Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
【代码】Spring Actuator - Finding Actuators using Static Code Analysis - Part 2。
2022-10-20 01:57:12
127
原创 Spring Actuator - Stealing Secrets Using Spring Actuators - Part 1:
Spring is a set of frameworks for developing Applications in Java. It is widely used, so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a Whitebox audit is actuators. I
2022-10-20 01:54:38
336
2
空空如也
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人