第十五周/20220110 红队推送

红队工具

各种类型 SQL 注入大集合

https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet

POC bomber：一款可快速获取目标服务器权限的漏洞检测工具

https://github.com/tr0uble-mAker/POC-bomber

CVE-2021-42287/CVE-2021-42278 扫描程序

https://github.com/ricardojba/noPac

特殊PDF生成器

https://github.com/pussycat0x/malicious-pdf

开启wininet的etw事件，可用于抓取样本特征https://github.com/howmp/WinINetLogger

一个基于Golang的分布式任务调度系统

https://github.com/labulaka521/crocodile

用于渗透测试前期信息收集

https://github.com/rufherg/Web\_InfoCollector

红队文章

CVE-2021-42287/CVE-2021-42278 域内大杀器详解（正确原理版）

https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html

CVE-2021-40444: Office RCE的深度技术分析

https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/

Apple Safari 整数溢出RCE（CVE-2021-30734）-WebAssembly 功能详情分析

https://blog.ret2.io/2021/06/02/pwn2own-2021-jsc-exploit/

关于抓取明文密码的探究

https://xz.aliyun.com/t/10734

GENESIS64反序列化漏洞分析

https://www.anquanke.com/post/id/264690

HTB Previse 中的重定向后执行 (EAR) 

https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fexploiting-execute-after-redirect-ear-vulnerability-in-htb-previse-92ea3f1dbf3d

===

漏洞研究

Backdoor.Win32.Wollf.m / Authentication Bypass

http://seclists.org/fulldisclosure/2022/Jan/6

Backdoor.Win32.Fantador / Insecure Password Storage

https://seclists.org/fulldisclosure/2022/Jan/7

Backdoor.Win32.Fantador / Divide by Zero DoS

http://seclists.org/fulldisclosure/2022/Jan/8

Backdoor.Win32.Skrat / Cleartext Hardcoded Password

http://seclists.org/fulldisclosure/2022/Jan/9

Backdoor.Win32.SilentSpy.10 / Authentication Bypass Command Execution

http://seclists.org/fulldisclosure/2022/Jan/10

Backdoor.Win32.SilentSpy.10 / Authentication Race Condition

http://seclists.org/fulldisclosure/2022/Jan/11

Projeqtor 9.3.1 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010010

Computer And Mobile Repair Shop Management 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010011

TRIGONE Remote System Monitor 3.61 Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022010012

BeyondTrust Remote Support 6.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010013

WordPress CRM Form Entries Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010014

Media k - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010015

Nettmp NNT 5.1 SQL Injection

https://cxsecurity.com/issue/WLB-2022010016

WordPress Catch Themes Demo Import Shell Upload

https://cxsecurity.com/issue/WLB-2022010017

cWifi Hotspot Wireless CP Code Execution

https://cxsecurity.com/issue/WLB-2022010018

RiteCMS 3.1.0 Arbitrary File Overwrite

https://cxsecurity.com/issue/WLB-2022010019

Hospitals Patient Records Management System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010020

Easy Cart Shopping Cart 2021 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010021

uDoctorAppointment 2.1.1 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010022

Vodafone H-500-s 3.5.10 WiFi Password Disclosure

https://cxsecurity.com/issue/WLB-2022010024

TermTalk Server 3.24.0.2 Arbitrary File Read

https://cxsecurity.com/issue/WLB-2022010025

Affiliate Pro 1.7 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010026

Gerapy 0.9.7 Remote Code Execution

https://cxsecurity.com/issue/WLB-2022010027

AWebServer GhostBuilding 18 Denial Of Service

https://cxsecurity.com/issue/WLB-2022010028

Powered by INSPIROXINDIA - Blind Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010029

Dixell XWEB 500 Arbitrary File Write

https://cxsecurity.com/issue/WLB-2022010031

Active PHP BookMarks 1.3 - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010032

Simple Music Cloud Community System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010033

Backdoor.Win32.SVC / Remote Stack Buffer Overflow

https://cxsecurity.com/issue/WLB-2022010034

Backdoor.Win32.Dsklite.a / Remote Denial of Service

https://cxsecurity.com/issue/WLB-2022010035

Backdoor.Win32.Dsklite.a / Insecure Transit

https://cxsecurity.com/issue/WLB-2022010036

Backdoor.Win32.Jtram.a / Port Bounce Scan

https://cxsecurity.com/issue/WLB-2022010037

Backdoor.Win32.Jtram.a / Insecure Credential Storage

https://cxsecurity.com/issue/WLB-2022010038

Backdoor.Win32.SVC / Directory Traversal

https://cxsecurity.com/issue/WLB-2022010040

PixelPro Designs - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010041

NEETAI TECH - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010043

XNU inm_merge Heap Use-After-Free

https://cxsecurity.com/issue/WLB-2022010044

Automox Agent 32 Local Privilege Escalation

https://cxsecurity.com/issue/WLB-2022010046

PoC for CVE-2021-25079

http://seclists.org/fulldisclosure/2022/Jan/12

Microsoft Windows SMB Direct Session Takeover

https://cxsecurity.com/issue/WLB-2022010047

openSIS Student Information System 8.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010048

Microsoft Windows 11- 'Jolt2.c' Denial of Service (MS00-029)

https://cxsecurity.com/issue/WLB-2022010049

sixdaysworks - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010050

New RCA up! CVE-2021-38000 - Chrome Intents Logic Flaw

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-38000.html

---

更多详情请查看原文