Chaitin Baichuan Cloud - Article Details

Week 14 / 20220104 Red Team Digest

凌晨一点零三分

2024-07-13

【Vulnerability Research】

BeeMedia - Bypass Admin Panel

https://cxsecurity.com/issue/WLB-2021120100

BeeMedia - SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120101

Backdoor.Win32.FTP.Simpel.12 / Insecure Crypto

https://cxsecurity.com/issue/WLB-2021120102

Backdoor.Win32.FTP.Simpel.12 / Port Bounce Scan

https://cxsecurity.com/issue/WLB-2021120103

AlphaSkins Alpha Controls Package | SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120104

Terramaster F4-210 / F2-210 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120105

Microsoft Windows Explorer Preview Pane Security Bypass

https://cxsecurity.com/issue/WLB-2021120107

Windows Explorer Preview Pane HTML File Link Spoofing

https://cxsecurity.com/issue/WLB-2021120108

Virtual Airlines Manager 2.6.2 - 'plane_location' SQL 

https://cxsecurity.com/issue/WLB-2022010009

ManageEngine ServiceDesk Plus Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120112

【Red Team Tools】

Top 20 most popular hacking tools of 2021

https://www.kitploit.com/2021/12/top-20-most-popular-hacking-tools-in.html

A list of vulnerability discovery tools for bug hunters

https://infosecwriteups.com/bug-bounty-tool-list-32262271f1e4

WMEye: developed for lateral movement using WMI and MSBuild

https://github.com/pwn1sher/WMEye

SourceLeakHacker: a multi-threaded web directory scanner

https://github.com/WangYihang/SourceLeakHacker

log4jscanner: a log4j vulnerability filesystem scanner and Go package for analyzing JAR files

https://github.com/google/log4jscanner

【Red Team Articles】

Black magic: JS engine vulnerabilities

https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html

WebSphere Portal - SSRF: turning safe into dangerous

https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/

Changing user metadata via leaked Auth JWT tokens

https://infosecwriteups.com/hacktoberfest2k21-vulnerability-how-users-metadata-can-be-changed-via-auth-jwt-tokens-leaking-from-3028f8ad6991

Temporarily modifying the Shiro key via code execution

https://www.o2oxy.cn/3972.html

Fixing the Unfixable: Story of a Google Cloud SSRF

https://bugs.xdavidhu.me/google/2021/12/31/fixing-the-unfixable-story-of-a-google-cloud-ssrf/

How to detect DNS tunneling in the network?

https://www.catonetworks.com/blog/how-to-detect-dns-tunneling-in-the-network/

Hacking a VW Golf Power Steering ECU - Part 1

https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part1/

