cybersecurity
Average article quality score: 91
tutorialboy24
LangChain Arbitrary Command Execution - CVE-2023-34541
[Code] LangChain Arbitrary Command Execution - CVE-2023-34541.
Original · 2023-07-21 18:23:10 · 126 views · 0 comments
An Introduction to Smart Contracts Hacking and Attacks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds. The smart contracts ecosystem is evolving rapidly, obtaini
Original · 2022-12-30 19:06:35 · 207 views · 0 comments
An Unsafe Deserialization Vulnerability and Types of Deserialization
Original · 2022-12-20 01:46:18 · 166 views · 0 comments
A Talk about Logic Vulnerabilities of Android Components - Android Security
Anyone who has been in contact with Android should have heard of the "major components". The first thing to learn when developing an application is the life cycle of each component. The so-called four major components refer to Activity, Service, Broadcast
Original · 2022-11-21 23:50:53 · 1272 views · 0 comments
A Brief Introduction to SAML Security Vector
A Brief Introduction to SAML Security Vector.
Original · 2022-11-21 23:46:02 · 4855 views · 0 comments
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters.
Original · 2022-11-08 15:31:51 · 187 views · 0 comments
A Remote Code Execution in JXPath Library (CVE-2022-41852)
critical vulnerability with the identifier CVE-2022-41852. This vulnerability affects a Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability.
Original · 2022-10-29 02:32:24 · 168 views · 0 comments
The Blind Exploits To Rule Watchguard Firewalls Vulnerabilities
WatchGuard firewalls have been under attack multiple times, most notably by the Russian APT Sandworm and their malware, Cyclops Blink. Over the course of 4 months, the editor released three firmware updates, patching numerous critical vulnerabilities.
Original · 2022-10-27 22:50:07 · 400 views · 0 comments
The Various Utilization Methods of PHP Serialization & Deserialization
To facilitate data storage, PHP usually converts data such as arrays into serialized form for storage, so what is serialization? Serialization is actually conver
Original · 2022-10-25 19:00:40 · 548 views · 0 comments
A Talk About Java Serialization and Deserialization
A Talk About Java Serialization and Deserialization
Original · 2022-10-25 18:21:36 · 203 views · 0 comments
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
Original · 2022-10-25 17:54:17 · 456 views · 0 comments
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
Original · 2022-10-25 17:36:40 · 635 views · 0 comments
An Open Source apps Leads to XSS to RCE Vulnerability Flaws
[Code] An Open Source app leads to XSS to RCE Vulnerability Flaws.
Reposted · 2022-10-25 16:43:13 · 104 views · 0 comments
Turning cookie - based XSS into account takeover
Turning cookie - based XSS into account takeover
Original · 2022-10-21 00:13:25 · 972 views · 0 comments
The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems
[Code] The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems.
Original · 2022-10-21 00:02:08 · 518 views · 0 comments
Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl
Original · 2022-10-20 03:00:20 · 108 views · 0 comments
Android Security : A Checklist For Exploiting WebView
[Code] Android Security : A Checklist For Exploiting WebView. WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors. If it
Original · 2022-10-20 02:06:32 · 760 views · 0 comments
Spring Actuator - Stealing Secrets Using Spring Actuators - Part 1:
Spring is a set of frameworks for developing applications in Java. It is widely used, so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a Whitebox audit is actuators. I
Original · 2022-10-20 01:54:38 · 355 views · 2 comments