- 博客(27)
- 收藏
- 关注
RSS订阅原创 Talking about JSONP Hijacking Vulnerability
【代码】Talking about JSONP Hijacking Vulnerability。
2023-07-22 21:11:29
144
原创 LangChain Arbitrary Command Execution - CVE-2023-34541
【代码】LangChain Arbitrary Command Execution - CVE-2023-34541。
2023-07-21 18:23:10
154
原创 Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears
【代码】Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears。
2023-07-21 18:19:57
126
原创 Bypassing PHP WAF to Achieve Remote Code Execution In-Depth Analysis
Source:-/cfwaf.php?Source:-Let's try?
2023-07-21 18:15:04
121
原创 Auth.Tesla.com‘s Vulnerability Leads To Account Takeover of Internal Tesla Accounts
Source:-Timeline。
2023-05-11 03:33:27
288
原创 The Summary Of Spring Security Authorization Bypass on Java
【代码】The Summary Of Spring Security Authorization Bypass on Java。
2023-05-11 03:26:54
198
原创 Methods for Bypassing Authentication Vulnerabilities
Overviewa.username?Changedirectly。
2023-05-11 03:20:46
128
原创 Getting Started with the Internet of Vehicles Security - CAN Simulation
【代码】Getting Started with the Internet of Vehicles Security - CAN Simulation。
2023-05-11 03:08:22
83
原创 The Unbounded Loops Vulnerability: Denial of Service
An unbounded loop vulnerability is a type of security flaw that can occur in smart contracts when a loop does not have a defined maximum iteration limit. This means that the loop can continue to run indefinitely
2023-05-11 02:36:12
114
原创 An Introduction to Smart Contracts Hacking and Attacks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds.The smart contracts ecosystem is evolving rapidly, obtaini
2022-12-30 19:06:35
219
原创 An Unsafe Deserialization Vulnerability and Types of Deserialization
ImpactPreventiontestingPreventionReferencesysoserialPreventionWhere:ReferencesPreventionReferencesMDN — JSONs:27:”
2022-12-20 01:46:18
176
原创 A Talk about Logic Vulnerabilities of Android Components - Android Security
Anyone who has been in contact with Android should have heard of the "major components". The first thing to learn when developing an application is the life cycle of each component. The so-called four major components refer to Activity, Service, Broadcast
2022-11-21 23:50:53
1300
原创 A Brief Introduction to SAML Security Vector
A Brief Introduction to SAML Security Vector。
2022-11-21 23:46:02
4933
原创 A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters。
2022-11-08 15:31:51
214
原创 A Remote Code Execution in JXPath Library (CVE-2022-41852)
critical vulnerability with the identifier CVE-2022-41852. This vulnerability affects a Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability.
2022-10-29 02:32:24
185
原创 The Blind Exploits To Rule Watchguard Firewalls Vulnerabilities
WatchGuard firewalls have been under attack multiple times, most notably by the Russian APT Sandworm and their malware, Cyclops Blink. Over the course of 4 months, the editor released three firmware updates, patching numerous critical vulnerabilities.
2022-10-27 22:50:07
447
原创 The Various Utilization Methods of PHP Serialization & Deserialization
To facilitate data storage, php usually converts data such as arrays into serialized form for storage, so what is serialization? Serialization is actually conver
2022-10-25 19:00:40
575
原创 A Talk About Java Serialization and Deserialization
A Talk About Java Serialization and Deserialization
2022-10-25 18:21:36
216
原创 A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
2022-10-25 17:54:17
475
原创 A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
2022-10-25 17:36:40
655
转载 An Open Source apps Leads to XSS to RCE Vulnerability Flaws
【代码】An Open Source app leads to XSS to RCE Vulnerability Flaws。
2022-10-25 16:43:13
117
原创 Turning cookie - based XSS into account takeover
Turning cookie - based XSS into account takeover
2022-10-21 00:13:25
1049
原创 The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems
【代码】The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems。
2022-10-21 00:02:08
548
原创 Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl
转存失败重新上传取消转存失败重新上传取消。
2022-10-20 03:00:20
121
原创 Android Security : A Checklist For Exploiting WebView
【代码】Android Security : A Checklist For Exploiting WebView。WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors. If it
2022-10-20 02:06:32
791
原创 Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
【代码】Spring Actuator - Finding Actuators using Static Code Analysis - Part 2。
2022-10-20 01:57:12
181
原创 Spring Actuator - Stealing Secrets Using Spring Actuators - Part 1:
Spring is a set of frameworks for developing Applications in Java. It is widely used, so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a Whitebox audit is actuators. I
2022-10-20 01:54:38
373
2
空空如也
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人