Aggregator

CS Xss2Rce CVE-2022-39197分析与复现

LoRexxar's Blog
1 year 11 months ago

前段时间这个漏洞被挖掘出来之后的时候还是引发了很多关注的,但是最初一直都没有什么像样的分析文章出来,最早看@漂亮鼠的文章之后才大体上对这个漏洞有了一个基本的认识。

https://mp.weixin.qq.com/s/l5e2p_WtYSCYYhYE0lzRdQ

但是不知道是我的java水平真的不够,又或者说这篇文章中隐去的部分太多了,我顺着文章研究了一段时间但是几个点都串不起来。后来又接二连三的看了几篇文章,直到看完@pang0lin才算是把逻辑串联起来许多

https://mp.weixin.qq.com/s?__biz=MzkzNjMxNDM0Mg==&mid=2247485450&idx=1&sn=5662a9f2c081fc8521eee651b357323f&chksm=c2a1dc83f5d655957cf2a1c88adf45cd0d028316f536e0a8a18c9e7cb0440869ed4077822ce8&mpshare=1&scene=1&srcid=1017PFOrquxivFM2ck4Prl9m&sharer_sharetime=1665993698480&sharer_shareid=8c0858e06fee9d607c68521b3949c3e9#rd

这篇文章不知道什么时候发出来,主要是记录一下整个复现分析的心路历程,以便以后需要的时候没处看。

LoRexxar

GoEXP WANTED 3

俗世吧
1 year 11 months ago
GoEXP第三期是怎么回事呢?GoEXP相信大家都很熟悉,但是GoEXP第三期是怎么回事呢?GoEXP第三期,其实就是GoEXP出第三期了。大家可能会感到惊讶,GoEXP怎么会出第三期呢?但事实就是这样,小编也很惊讶。欢迎在评论区一起讨论哦

Critical Flaw in OpenSSL

X-Force Exchange - Collection Feed
1 year 11 months ago
Summary ***UPDATED*** The OpenSSL Project has officially released version 3.0.7. This update contains a fix for a previously undisclosed vulnerability that affects all current versions of the technology. This vulnerability has been downgraded from critical to high. Threat Type Vulnerability Overview ***UPDATE 1, November 1, 2022*** OpenSSL has released version 3.0.7 to address the undisclosed, high rated vulnerability. The download can be found here as well as in the references section below. Please note th

Burp-Montoya

RainSec
2 years ago
Burp的新版本更新了新的API接口,刚好最近有写插件的想法,所以简单的了解了下。简介  单从Monto

译|PHP 7 新的 Hashtable 实现

她和她的猫
2 years ago
大约三年前,我写了一篇分析 PHP 5 中数组的内存使用情况的文章。即将到来的 PHP 7 作为我工作的一部分,我重点关注于优化数据结构的大小以及内存分配上,为此重写了 Zend

DNS Threat Report ? Q3 2022

The Akamai Blog
2 years ago
Akamai's visibility into global traffic through Q3 provides insight into phishing campaigns and potential user susceptibility to malware attacks.
Or Katz

Fodcha Is Coming Back, Raising A Wave of Ransom DDoS

360 Netlab Blog - 360
2 years ago
Background

On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our article was published, Fodcha suffered a crackdown from the relevant authorities, and its authors quickly responded by leaving "Netlab pls leave me alone I surrender" in an updated sample.No surprise, Fodcha's authors

Alex.Turing

Managed ad