How an obscure PHP footgun led to RCE in Craft CMS Most developers would agree that PHP is a much saner, safer and more secure language than it was 15... 2024-12-28 19:4:33 | 阅读: 13 | 收藏 | Sec-News 安全文摘 - govuln.com php craft findconfig filehelper

SpringMVC的URI解析和权限绕过 2024-12-24 02:40:54 | 阅读: 10 | 收藏 | Sec-News 安全文摘 - govuln.com

Bypassing WAFs with the phantom $Version cookie Published: 04 December 2024 at 15:03 UTC... 2024-12-22 07:29:24 | 阅读: 18 | 收藏 | Sec-News 安全文摘 - govuln.com quoted param2 param1 value1 value2

Databricks JDBC Attack via JAAS Background StoryYesterday, I received a threat intelligence alert regarding the Databricks JDBC... 2024-12-20 12:41:48 | 阅读: 10 | 收藏 | Sec-News 安全文摘 - govuln.com jaas remote krbjaasfile flask pyn3rd

Using YouTube to steal your files Ʊ lyra's epic blog In my security research I often come across weird quirks and behaviours that aren’t p... 2024-12-19 16:50:45 | 阅读: 7 | 收藏 | Sec-News 安全文摘 - govuln.com youtube horse slides lyra signin

越狱破解马斯克最新AI-Grok2揭秘：特朗普赢得大选背后，AI的推波助澜 error code: 521... 2024-12-18 18:45:35 | 阅读: 9 | 收藏 | Sec-News 安全文摘 - govuln.com 521

企业上云的新攻击面分析 环境异常 当前环境异常，完成验证后即可继续访问。 去验证... 2024-12-18 15:56:46 | 阅读: 15 | 收藏 | Sec-News 安全文摘 - govuln.com

Apache Struts2 文件上传逻辑绕过(CVE-2024-53677)(S2-067) 前言​ Apache官方公告又更新了一个Struts2的漏洞，考虑到很久没有发无密码的博客了，再加上漏洞的影响并不严重，因此公开分享利用的思路。分析影响版本Struts 2.0.0 - Struts... 2024-12-16 16:16:50 | 阅读: 8 | 收藏 | Sec-News 安全文摘 - govuln.com struts 漏洞 y4tacker

Diving deep into Jetbrains TeamCity Part 2 - Analysing CVE-2024-24942 leading to unauthenticated Path Traversal Dec 11, 2024 •java, aaThis article aims to explore the details of CVE-2024-249... 2024-12-12 14:58:6 | 阅读: 28 | 收藏 | Sec-News 安全文摘 - govuln.com swaggerui teamcity notnull

基于 llamafile 和 Continue 的本地AI代码助手 继“数字货币”和“区块链”之后，IT 业界目前最火的概念毫无疑问就是 “AI“ 了。些许值得庆幸的是，在经过一年多的发展后，名为 “AI” 实为 “LLM（... 2024-12-12 14:27:37 | 阅读: 12 | 收藏 | Sec-News 安全文摘 - govuln.com llamafile 模型 coder qwen2 gguf

New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader Did I ever tell you what the de... 2024-12-12 14:19:54 | 阅读: 7 | 收藏 | Sec-News 安全文摘 - govuln.com dma pcie memory security mastering

Remote Code Execution with Spring Properties Recently a past student came to me with a very interesting unauthenticated vul... 2024-11-27 11:23:20 | 阅读: 12 | 收藏 | Sec-News 安全文摘 - govuln.com logfile logback

Chrome扩展攻击指南 首页 会员介绍... 2024-11-25 17:54:27 | 阅读: 8 | 收藏 | Sec-News 安全文摘 - govuln.com icp 20012251 审计

The Karma connection in Chrome Web Store Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome... 2024-11-25 16:40:59 | 阅读: 13 | 收藏 | Sec-News 安全文摘 - govuln.com karma affiliate ltd malicious youtube

Exploiting File Writes in Hardened Node.js Environments …TL; DR在 Hexacon 2024 上关注到了这么一个议题 《Exploiting File... 2024-11-25 16:40:2 | 阅读: 7 | 收藏 | Sec-News 安全文摘 - govuln.com signum uv 数据 0x60

010editor 模板编写笔记 可以通过local关键字定义变量，这样的变量默认不会显示在模板窗口中，不过用户任然可以在窗口中点击右键菜单中的Show Local Variables来显示局部变量。format: 以某种进制格式显示... 2024-11-25 16:39:5 | 阅读: 7 | 收藏 | Sec-News 安全文摘 - govuln.com wchar ftell wstring hh yyyy

Introducing lightyear: a new way to dump PHP files PHP filter chains are, in my opinion, an amazing research subject, as they seem to offer an infinite... 2024-11-25 16:38:16 | 阅读: 16 | 收藏 | Sec-News 安全文摘 - govuln.com digit iconv 4a dechunk 5a

N1CTF24 PHP Master Writeup 0x01 介绍在刚刚过去的N1CTF24上，... 2024-11-12 19:48:15 | 阅读: 9 | 收藏 | Sec-News 安全文摘 - govuln.com php dataform 0x500 解释器 指令

Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable 2024-11-7 16:19:46 | 阅读: 6 | 收藏 | Sec-News 安全文摘 - govuln.com

构建无密码认证：passkey入门与Go实现 请点击上方蓝字TonyBai订阅公众号！传统的密码认证一直以来都是数字时代的主流身份验证方式。然而，用户常常选择易记的弱密码并重复使用，导致账号易受攻击。密码泄露、钓鱼攻击等安全问题层出不穷，超过80... 2024-11-7 16:18:4 | 阅读: 15 | 收藏 | Sec-News 安全文摘 - govuln.com passkey webauthn username 数据