Tag:Loophole
-
JSP vulnerability overview
Summary: server vulnerabilities are the origin of security problems. Hackers’ attacks on websites mostly start from finding each other’s vulnerabilities. Therefore, only by understanding their own vulnerabilities, website managers can take corresponding countermeasures to prevent foreign attacks. The following describes the common vulnerabilities of some servers (including web server and JSP server). What’s the matter […]
-
Tool | monitor the latest vulnerability POC / exp artifact of GitHub
Article toSource:Timeline Sec Tool: GitHub CVE monitor Description: monitor the vulnerability of CVE number project added on GitHub, push nail or server paste Author:[email protected] sec SRC group Project address: https://github.com/yhy0/github-cve-monitor Wechat push mode 1. Open server sauce http://sc.ftqq.com/9.version You can get your sckey by scanning the wechat code and logging in Sckey is very important, […]
-
Apache APIs IX has the risk of rewriting the x-real-ip header (cve-2022-24112)
Problem description In versions prior to Apache apifix 2.12.1 (excluding 2.12.1 and 2.10.4), enable Apache apifixbatch-requestsAfter the plug-in, there is a risk of rewriting the x-real-ip header. This risk can lead to the following two problems: Attacker throughbatch-requestsThe plug-in bypasses the IP restrictions on the Apache APIs IX data plane. Such as bypassing IP black-and-white […]
-
The opening ceremony of Beijing Winter Olympic Games shocked and brushed the screen; GitHub launches sponsorship function; Flutter 2.10 releases “think no weekly”
40s News Express Shocking opening ceremony of Beijing Winter Olympics Microsoft disables msix appx installer Ministry of industry and information technology: the guarantee task of the opening ceremony of the Winter Olympic Games was successfully completed, and more than 4000 IP addresses of the sending end of malicious programs were blocked Intel says its CPU […]
-
CSRF attack technology
1. Understand CSRF “Cross site request forge”: referred to as “CSRF” for short. In the attack scenario of CSRF, the attacker will forge a request (this request is usually a link), and then deceive the target user to click. Once the user clicks the request, the whole attack is completed. Therefore, CSRF attack also becomes […]
-
Chrome rce 1day vulnerability recurrence
Vulnerability description Google Chrome is a free web browser developed by Google. Browsers that use a large number of chrome kernel will also be affected by this vulnerability. An attacker can exploit this vulnerability to construct a malicious web page, which will cause remote code execution when the user visits the page. Since the Chrome […]
-
Devsecops: a security software construction model for happy
The article was first published in:Firewire Zone Cloud Security Community Author: Ma Jinghe How to use devsecops, which sounds very long and difficult to practice, to help you build security software happily. My name is brother ma. At present, I am working as a Devops technical preacher in Jihu gitlab to share my experience with […]
-
Target penetration exercise 61 Chronos
Target description Target address:https://www.vulnhub.com/entry/chronos-1,735/ Description Difficulty : medium This works better with VirtualBox rather than VMware 1、 Build the target environment Attack aircraft Kali: IP address: 192.168.9.7 Target plane: IP address: 192.168.9.58 Note: the IP addresses of the target and Kali only need to be in the same LAN (the same network segment, that is, […]
-
Application of cloudquery data security technology
How important is data security? In the era of big data, data has become the core business asset of an enterprise. The frequent data security incidents in recent years, from “Facebook user information leakage” to “wechat database deletion event”, each data security incident shows that the leakage and destruction of data assets will lead to […]
-
Vulnhub actual combat – doubletrouble target 👻
Vulnhub actual combat – doubletrouble target Target download address:https://www.vulnhub.com/entry/doubletrouble-1,743/Download the ova format file on the page, import it into VMware, or open vitrualbox Target 1 penetration test 1. Target description describe Back to the top Get flag Difficulty: easy About VM: Test and export from VirtualBox. DHCP and nested vtx / AMDV are enabled. You […]
-
Vulnhub actual combat – doubletrouble target 👻
Vulnhub actual combat – doubletrouble target Target download address:https://www.vulnhub.com/entry/doubletrouble-1,743/Download the ova format file on the page, import it into VMware, or open vitrualbox Target 1 penetration test 1. Target description describe Back to the top Get flag Difficulty: easy About VM: Test and export from VirtualBox. DHCP and nested vtx / AMDV are enabled. You […]
-
Common website attack technologies in the field of Web Security
1. SQL injection The core of SQL injection attack is to let the web server execute the SQL statement expected by the attacker, so as to obtain the data of interest in the database or read, modify, delete, insert and other operations on the database, so as to achieve its evil purpose. How to make […]