Aggregator

文章介绍如何发现隐藏的服务器来源，通过结合多种网络安全工具和技术（如DNS侦察、网络扫描等），绕过云WAF保护，掌握关键的第一步——原服务器发现。

作者测试了一个加密货币平台的安全性，发现了缓存欺骗和访问控制漏洞，并成功复现了问题。尽管报告了漏洞但因重复未获奖励，对平台感到失望但仍坚持寻找漏洞。

一位安全研究人员测试加密货币平台时发现缓存欺骗和访问控制漏洞，并成功利用接触ID绕过限制。尽管报告被标记为重复且修复延迟，他仍坚持漏洞挖掘。

作者通过目录暴力破解发现HP打印机未受保护的管理页面，可直接访问并修改网络设置、添加联系人或切断网络连接，最终报告漏洞获700美元奖励。

作者通过目录暴力破解发现HP打印机未受保护的管理页面,可直接访问并控制打印机设置,最终获得$875奖励。

通过在URL末尾添加.css等扩展名，利用服务器与缓存层之间的通信漏洞，将用户的敏感金融数据缓存到公共缓存中，从而实现未授权访问。

文章描述了一种Web Cache Deception（WCD）攻击，通过在URL末尾添加.css等文件扩展名，欺骗系统将敏感数据缓存到公共缓存中，从而获取用户的财务数据。该漏洞利用了服务器与缓存层之间的通信问题，并成功获得了$4000的漏洞赏金。

文章描述了三种级别的跨站脚本（XSS）攻击测试：低级通过直接注入``标签触发弹窗；中级利用大小写混合绕过黑名单过滤；高级使用``标签的`onerror`事件绕过正则表达式过滤。

Adwaith分享了他在TryHackMe平台上完成Biohazard CTF挑战的详细过程。从端口扫描到漏洞利用，再到解码Base64、ROT13等加密信息以获取旗帜（flag），并最终完成挑战。

文章介绍了OSINT（开放源情报）的概念及其重要性，强调通过合法和道德的方式利用公开数据进行分析。内容涵盖OSINT的基本定义、常用术语、工具（如搜索引擎、元数据提取工具）、匿名化方法及安全伦理指南，并鼓励读者通过实践项目提升技能。

JavaScript文件是现代网络应用的核心，负责客户端逻辑、API连接和数据获取。然而，它们也是黑客攻击的目标，常隐藏敏感信息。本文作者Abhijeet Kumawat作为赏金猎人，在其系列中深入探讨了JS文件的安全风险及其重要性。

A vulnerability has been found in Google Android 13/14/15/16 and classified as problematic. This impacts the function assertSafeToStartCustomActivity of the file AppRestrictionsFragment.java. The manipulation leads to deserialization. This vulnerability is documented as CVE-2025-48535. The attack needs to be performed locally. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in Google Android 15/16. The affected element is the function acl_arbiter of the file acl_arbiter.cc. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-48539. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability labeled as critical has been found in Google Android 16. This affects the function markMediaAsFavorite of the file MediaProvider.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-48532. Local access is required to approach this attack. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability categorized as problematic has been discovered in Google Android 16. Impacted is an unknown function. The manipulation results in unintended intermediary. This vulnerability is reported as CVE-2025-32320. The attack requires a local approach. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as problematic, was found in Google Android 13. Affected by this vulnerability is an unknown functionality of the file apk-versions.txt. The manipulation results in incorrect privilege assignment. This vulnerability is cataloged as CVE-2024-49731. The attack must be initiated from a local position. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability described as critical has been identified in Google Android 16. The affected element is an unknown function. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-32318. The attack can be launched remotely. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability was found in iBall Baton 150M iB-WRA150N 1.2.6 and classified as critical. This vulnerability affects unknown code of the file password.cgi of the component HTML Source Code. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2017-6558. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in Interspire Email Marketer up to 6.1.5. Affected is an unknown function of the file init.php of the component Cookie Handler. Performing manipulation of the argument IEM_CookieLogin results in improper authentication. This vulnerability is reported as CVE-2017-14322. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Ingenious School Management System 2.3.0. This issue affects some unknown processing of the file my_profile.php. The manipulation results in unrestricted upload. This vulnerability is known as CVE-2017-15957. It is possible to launch the attack remotely. Furthermore, an exploit is available.