- Blog (27)
[Original] Talking about JSONP Hijacking Vulnerability
2023-07-22 21:11:29
166
[Original] LangChain Arbitrary Command Execution - CVE-2023-34541
2023-07-21 18:23:10
182
[Original] Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears
2023-07-21 18:19:57
161
[Original] Bypassing PHP WAF to Achieve Remote Code Execution In-Depth Analysis
2023-07-21 18:15:04
143
[Original] Auth.Tesla.com's Vulnerability Leads To Account Takeover of Internal Tesla Accounts
2023-05-11 03:33:27
346
[Original] The Summary Of Spring Security Authorization Bypass on Java
2023-05-11 03:26:54
225
[Original] Methods for Bypassing Authentication Vulnerabilities
2023-05-11 03:20:46
142
[Original] Getting Started with the Internet of Vehicles Security - CAN Simulation
2023-05-11 03:08:22
115
[Original] The Unbounded Loops Vulnerability: Denial of Service
An unbounded loop vulnerability is a type of security flaw that can occur in smart contracts when a loop does not have a defined maximum iteration limit. This means that the loop can continue to run indefinitely
2023-05-11 02:36:12
127
[Original] An Introduction to Smart Contracts Hacking and Attacks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds. The smart contracts ecosystem is evolving rapidly, obtaini
2022-12-30 19:06:35
234
[Original] An Unsafe Deserialization Vulnerability and Types of Deserialization
2022-12-20 01:46:18
194
[Original] A Talk about Logic Vulnerabilities of Android Components - Android Security
Anyone who has been in contact with Android should have heard of the "major components". The first thing to learn when developing an application is the life cycle of each component. The so-called four major components refer to Activity, Service, Broadcast
2022-11-21 23:50:53
1335
[Original] A Brief Introduction to SAML Security Vector
2022-11-21 23:46:02
5028
[Original] A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
2022-11-08 15:31:51
231
[Original] A Remote Code Execution in JXPath Library (CVE-2022-41852)
critical vulnerability with the identifier CVE-2022-41852. This vulnerability affects a Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability.
2022-10-29 02:32:24
213
[Original] The Blind Exploits To Rule Watchguard Firewalls Vulnerabilities
WatchGuard firewalls have been under attack multiple times, most notably by the Russian APT Sandworm and their malware, Cyclops Blink. Over the course of 4 months, the editor released three firmware updates, patching numerous critical vulnerabilities.
2022-10-27 22:50:07
476
[Original] The Various Utilization Methods of PHP Serialization & Deserialization
To facilitate data storage, PHP usually converts data such as arrays into serialized form for storage, so what is serialization? Serialization is actually conver
2022-10-25 19:00:40
610
[Original] A Talk About Java Serialization and Deserialization
2022-10-25 18:21:36
231
[Original] A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
2022-10-25 17:54:17
501
[Original] A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
2022-10-25 17:36:40
679
[Repost] An Open Source App Leads to XSS to RCE Vulnerability Flaws
2022-10-25 16:43:13
132
[Original] Turning cookie-based XSS into account takeover
2022-10-21 00:13:25
1338
[Original] The Story of 3 bugs that lead to Unauthorized RCE - Pascom Systems
2022-10-21 00:02:08
599
[Original] Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl
2022-10-20 03:00:20
132
[Original] Android Security: A Checklist For Exploiting WebView
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors. If it
2022-10-20 02:06:32
817
[Original] Spring Actuator - Finding Actuators using Static Code Analysis - Part 2
2022-10-20 01:57:12
192
[Original] Spring Actuator - Stealing Secrets Using Spring Actuators - Part 1
Spring is a set of frameworks for developing Applications in Java. It is widely used, so it is not unusual to encounter it during a security audit or penetration test. One of its features that I recently encountered during a Whitebox audit is actuators. I
2022-10-20 01:54:38
390