unSafe.sh - Not Safe
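Notes on "CVE-2024-2961 glibc iconv exploitation (part 2)"
CVE-2024-2961 is a recently disclosed vulnerability in iconv. The original discoverer, cfeal, has also been publishing ways to exploit it [1] [2]. I had previously read part 1 [1], in which, by using...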
2024-7-4 00:3:48 | Reads: 37
Sec-News Security Digest - govuln.com
php
freelist
slots
iconv
0x800
Phishing or What?? How I Got Access to the Internal Email of a Company
2024-7-2 15:18:18 | Reads: 4
Sec-News Security Digest - govuln.com
Inside Xerox WorkCentre: Two Unauthenticated RCEs
Every organization has printers....
2024-7-2 14:35:35 | Reads: 12
Sec-News Security Digest - govuln.com
xerox
php
workcentre
firmware
MongoDB NoSQL Injection with Aggregation Pipelines
Story: Last August (2023), while assisting with the NoSQL lab module for PortSwigger Web Academy, I...
2024-6-27 10:47:27 | Reads: 8
Sec-News Security Digest - govuln.com
injection
nosql
aggregate
agg
dummy
Swagger API Exploit 1.2
2024-6-27 10:46:50 | Reads: 10
Sec-News Security Digest - govuln.com
github
grade
security
copilot
stories
Ransacking your password reset tokens
Integrating the ["Ransack" library](https://github.com/activerecord-hackery/ransack)...
2024-6-27 10:22:4 | Reads: 5
Sec-News Security Digest - govuln.com
github
ransack
fablabs
superadmin
cont
plORMbing your Django ORM
Table of Contents INTRODUCTION PREVIOUS RESEARCH WHAT ARE ORMS...
2024-6-26 18:53:7 | Reads: 10
Sec-News Security Digest - govuln.com
payload
dumped
django
orm
bright
How I Was Paid $9,000 for a Critical Vulnerability in Adobe Commerce (CVE-2024-34102)
From time to time, I participate in bug bounty programs. When I choose a target, I base my decision...
2024-6-26 17:29:22 | Reads: 15
Sec-News Security Digest - govuln.com
magento
quote
cartid
carts
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
Magento is one of the most popular e-commerce solutions in use on the internet. It's estimated that...
2024-6-26 17:25:51 | Reads: 67
Sec-News Security Digest - govuln.com
magento
sourcedata
php
quote
magento2
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for...
2024-6-18 17:45:7 | Reads: 8
Sec-News Security Digest - govuln.com
php
iconv
rcube
rcmail
roundcube
Encryption programs: how to respond to ransomware attacks
Home Membership introduction...
2024-6-18 11:33:21 | Reads: 12
Sec-News Security Digest - govuln.com
icp
20012251
audit
Using codeql to find the latest deserialization chain in hsqldb2.7.3
2024-6-18 11:31:30 | Reads: 3
Sec-News Security Digest - govuln.com
Exploiting (GH-13690) mt_rand in php in 2024
This blog post delves into the inner workings of mt_rand(), exposing its weaknesses and demon...
2024-6-18 11:28:22 | Reads: 16
Sec-News Security Digest - govuln.com
php
attacker
rnd
13690
gh
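Research on XML-Related Vulnerability Risks
Small XML, big risks. I often see vulnerability analyses about XXE and roughly know the principle, but I only half understand the relevant definitions in XML. XXE stands for XML External Entity, but apart from...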
2024-6-18 11:26:7 | Reads: 14
Sec-News Security Digest - govuln.com
xsl
xslt
xs
evilpan
data
Mitmproxy Packet Decryption in Practice
error code: 521...
2024-6-18 11:24:53 | Reads: 12
Sec-News Security Digest - govuln.com
521
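Cybersecurity Interview Guide
Over the years I have screened thousands of résumés; why do so many people not even get an interview? I have taken part in interviewing hundreds of candidates; why do so many people...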
2024-6-12 14:48:53 | Reads: 17
Sec-News Security Digest - govuln.com
security
network
recruitment
job application
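A Write-up of an Outrageous In-Memory Webshell GetShell
If you find my article useful, feel free to leave a tip. Your support will encourage me to keep writing! ...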
2024-6-12 11:45:27 | Reads: 45
Sec-News Security Digest - govuln.com
No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affe...
2024-6-7 16:24:37 | Reads: 17
Sec-News Security Digest - govuln.com
php
hyphen
soft
locales
orange
Juejin's Slider CAPTCHA Gets a Security Upgrade; Cracking It Again
HTTP: 404this_page.wrong = true;if (you_spelt_it_wrong) {try_again();}else if (we_screwed_up)...
2024-6-6 14:39:46 | Reads: 14
Sec-News Security Digest - govuln.com
spelt
screwed
sorry
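Juejin's Slider CAPTCHA Gets a Security Upgrade; Cracking It Again
Last year I published an article, "Cracking Juejin's Slider CAPTCHA with Front-End Techniques". I admire the graciousness of the Juejin team: not only did they allow me to publish the article, they also reposted it to their official public account. Recently I noticed that Juejin's slider CAPTCHA has been upgraded; perhaps my article had some effect, forcing the team to add...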
2024-6-6 14:39:45 | Reads: 15
Sec-News Security Digest - govuln.com
gap
captchadata
slider
Juejin