Week 13 / 2021-12-27 Red Team Digest

凌晨一点零三分

2024-07-13


【Vulnerability Research】

=============

Signup PHP Portal 2.1 Shell Upload

https://cxsecurity.com/issue/WLB-2021120088

Video Sharing Website 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2021120089

Bazaar Web PHP Social Listings Shell Upload

https://cxsecurity.com/issue/WLB-2021120090

WBCE CMS 1.5.1 Admin Password Reset

https://cxsecurity.com/issue/WLB-2021120091

Exponent CMS 2.6 Multiple Vulnerabilities

https://cxsecurity.com/issue/WLB-2021120092

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

https://cxsecurity.com/issue/WLB-2021120093

WordPress Popular Posts 5.3.2 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120094

Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service

https://cxsecurity.com/issue/WLB-2021120095

phpKF CMS 3.00 Beta y6 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120096

HRVAC Consulting Engineering Israel SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120097

Backdoor.Win32.Visiotrol.10 / Insecure Password Storage

https://cxsecurity.com/issue/WLB-2021120098

【Red Team Tools】

Generates reports on various aspects of AD, useful for security management or consulting.

https://github.com/ziesemer/ad-privileged-audit#execution

SQLbit - an automation script based on boolean-based blind SQL injection

https://github.com/Sunlight-Rim/sqlbit

Turdshovel - a .NET memory dump analysis tool

https://github.com/daddycocoaman/turdshovel

MultiPotato - a new member of the Potato family

https://github.com/S3cur3Th1sSh1t/MultiPotato

A small asset-processing tool for attack-defense exercises, useful for filtering out valuable assets

https://github.com/dr0op/bufferfly

Exploitation of native JNDI injection vulnerabilities with a bypass for newer JDK versions

https://github.com/exp1orer/JNDI-Inject-Exploit

A comprehensive tool that helps quickly gain an initial foothold in attack-defense projects

https://github.com/P1-Team/AlliN

【Red Team Articles】

Understanding how microservices work and the process of hacking them

https://infosecwriteups.com/hacking-microservices-for-fun-and-bounty-5cc302769e94

Analysis of the backdoor in Auerswald PBX firmware

https://blog.redteam-pentesting.de/2021/inside-a-pbx/

Obtaining the network interface addresses of a remote Windows host via the OXID resolver

https://payloads.online/archivers/2020-07-16/1/

Tenda AC10–1200 sscanf buffer overflow write-up

https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6

Coding+Hacking: an in-depth look at the assert() function and its exploitation

https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6

