unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
文章介绍了一个24年前发现的glibc缓冲区溢出漏洞(CVE-2024-2961),该漏洞在PHP环境中被利用。通过php://filter协议链和文件读取漏洞,攻击者可将其转化为远程代码执行。该漏洞影响广泛,适用于多种PHP版本及应用,并提供了一种新的攻击向量。...
2024-5-27 07:0:0 | 阅读: 9 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
iconv
php
855
utf7
buckets
Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix
这篇文章介绍了PHP过滤器利用的新进展——WrapWrap工具的开发。该工具允许在资源前后添加任意前缀和后缀,从而将PHP资源包装到任何结构中。通过结合base64编码、字符集转换和特定的过滤器链,WrapWrap能够绕过安全措施(如禁用XXE),将任意内容注入目标应用,并绕过安全检查。尽管这种方法生成的payload可能非常大(例如3300字节需要2MB payload),但其灵活性使其成为一种强大的攻击手段。...
2023-12-10 23:0:0 | 阅读: 8 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
iconv
php
digit
triplet
payload
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
Owncloud于2023年11月21日修复了两个高危漏洞:CVE-2023-49103(CVSS 10)和CVE-2023-49105(CVSS 9.8)。前者允许通过PHPinfo页面获取敏感信息;后者使未认证用户可控制所有文件并可能远程执行代码(RCE),已认证用户可提升权限至管理员级别。...
2023-12-3 23:0:0 | 阅读: 4 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
oc
owncloud
dav
verifier
shalllogout
CVE-2023-27997 - Forensics short notice for XORtigate
Following the release of the CVE-2023-27997 on our blog and its section "A few notes for blue teamer...
2023-6-14 01:0:0 | 阅读: 101 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
remote
27997
salt
dtls
32bit
XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)
During a redteam assessment for one of our client, we had the opportunity to look into Fortigate SSL...
2023-6-13 22:0:0 | 阅读: 170 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
oplus
enspace
memory
compute
keystream
Sshimpanzee
TLDR;sshimpanzee is a fork of openssh server packaged with different network tunnels. It currently p...
2023-3-25 01:0:0 | 阅读: 44 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
icmp
tun
payload
fifo
tunnel
Cobalt Strike Investigation - Part 2
The previous article detailed the findings of the Cobalt Strike remote-exec built-in command that al...
2023-3-9 20:0:0 | 阅读: 158 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
windows
powershell
evtx
sysmon
usn
Unserializable, but unreachable: Remote code execution on vBulletin
文章描述了vBulletin中的一个预认证远程代码执行漏洞,该漏洞源于ORM对非标量数据的不当处理导致任意反序列化。尽管vBulletin对关键类进行了反序列化限制,但通过自定义类名触发autoloader加载Monolog库的autoload.php文件,成功实现了远程代码执行。...
2023-1-31 08:0:0 | 阅读: 7 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
vb
vbulletin
datamanager
php
autoload
Cobalt Strike Investigation Part 1
IntroductionApproachFindings SummaryCobalt Strike remote-exec winrm4.1. Sysmon Events4.2. Findings4....
2022-9-20 18:0:0 | 阅读: 44 |
收藏
|
blog.lexfo.fr
evtx
windows
alice
powershell
prefetch
Blind exploits to rule WatchGuard firewalls
这篇文章描述了作者在渗透测试中发现并利用WatchGuard防火墙的多个漏洞的过程。通过分析XML-RPC解析、XPath注入和整数溢出等漏洞,作者构建了八个不同的exploits,并最终获得了未修补的远程预身份验证root零日漏洞。整个过程涉及多个复杂的步骤和技巧,展示了对目标系统的深入理解和攻击能力。...
2022-8-28 22:0:0 | 阅读: 5 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
realloc
2gb
fig
arena
mmapped
安全通告 - 涉及华为某路由器产品的口令验证漏洞
nginx/1.21.6 ...
2022-6-28 08:0:0 | 阅读: 19 |
收藏
|
blog.lexfo.fr
安全通告 - 涉及华为打印机产品的输入验证类漏洞
nginx/1.21.6 ...
2022-6-20 08:0:0 | 阅读: 16 |
收藏
|
blog.lexfo.fr
安全通告 - 涉及华为打印机产品的输入校验漏洞
nginx/1.21.6 ...
2022-6-6 08:0:0 | 阅读: 19 |
收藏
|
blog.lexfo.fr
安全通告 - 华为某产品存在命令注入漏洞
nginx/1.21.6 ...
2022-6-6 08:0:0 | 阅读: 25 |
收藏
|
blog.lexfo.fr
安全通告 - 涉及华为产品的输入校验漏洞
nginx/1.21.6 ...
2022-6-1 08:0:0 | 阅读: 20 |
收藏
|
blog.lexfo.fr
安全通告 - 华为的某些产品存在越界写漏洞
nginx/1.21.6 ...
2022-5-23 08:0:0 | 阅读: 21 |
收藏
|
blog.lexfo.fr
安全通告 - 华为某些产品存在拒绝服务漏洞
nginx/1.21.6 ...
2022-5-23 08:0:0 | 阅读: 25 |
收藏
|
blog.lexfo.fr
Obfuscated obfuscation
IntroductionDuring a Red Team, we stumbled upon a device running Android. Next to the battery slot,...
2022-4-11 14:0:0 | 阅读: 25 |
收藏
|
blog.lexfo.fr
rk
i3
i2
td4
carr
AvosLocker Ransomware Linux Version Analysis
IntroductionOver the last few months, several cyber gangs (BlackCat, Hive, Revil, etc.) have built L...
2022-3-3 01:0:0 | 阅读: 28 |
收藏
|
blog.lexfo.fr
ransomware
ecies
encryption
salsa
hl
Hacking Root-Me: SPIP SQL injection leading to RCE (challenge)
SPIP CMS发布4.0.1版本修复SQL引擎漏洞,允许未认证用户读取数据库并执行代码。Root-Me网站被黑并创建挑战任务。...
2022-1-11 23:0:0 | 阅读: 7 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
spip
g0uz
hiring
security
wednesday
Previous
2
3
4
5
6
7
8
9
Next