AI自动化代码审计RCE
AI最近的趋势持续偏高,用AI来写代码,挖漏洞甚至于审计代码的文章或者工具都非常多,最近刚好在学习AI安全,并且php相关的代码审计也比较熟练,趁着学习AI的机会结合代码审计进行学习。
Aggregator
Bytes CTF 2021 EasyDroid 复现
7 hours 22 minutes ago
Intent重定向, webview 漏洞,XSS 注入
CodeQL规则编写之常用类与特殊情况
7 hours 22 minutes ago
关于编写任何Codeql规则时经常会用到的一些类和谓词,以及数据流可能会出现的特殊情况的分析与解决
一个简单的AsyncRAT样本分析
7 hours 22 minutes ago
AsyncRAT样本分析
Log4j WAF Bypass 技巧详细分析+总结
7 hours 22 minutes ago
Log4j WAF Bypass 技巧详细分析+总结
深入解析 Getter 方法的安全风险:源点调用与 JDBC 攻击
7 hours 22 minutes ago
深入解析 Getter 方法的安全风险:源点调用与 JDBC 攻击
如果通过反序列化进行打马
7 hours 22 minutes ago
多种反序列化打马教程
user32.dll的功能解析、劫持技术与防御策略全面分析
7 hours 22 minutes ago
user32.dll劫持
LSASS进程安全分析与防护指南
7 hours 22 minutes ago
本文全面解析LSASS核心功能、系统地位及运行流程,探讨其在身份验证、安全策略管理中的作用。同时,分析LSASS劫持技术原理与攻击手法,包括内存转储、恶意代码注入和注册表劫持,并提供系统加固、日志监控及应急响应等防御措施,帮助提升系统安全性。
IoT安全透视:D-Link DWR-932B固件全面逆向分析
7 hours 23 minutes ago
本文深入剖析D-Link DWR-932B路由器的固件安全,揭示可能导致攻击者未经授权访问和控制设备的严重漏洞,包括硬编码凭据、弱根密码以及管理与更新机制中的关键缺陷,如未认证的远程命令执行和不安全的固件更新协议。研究采用静态与动态分析相结合的方法,并通过逆向工程定位问题。本文可能存在一些不足,请大家斧正!此分析提醒人们在不断扩展的IoT生态系统中,强化安全实践的重要性,适合安全爱好者、网络管理员
2025CISCN&长城杯半决赛 PWN Prompt详细题解
7 hours 23 minutes ago
赛后复现
PolarCTF网络安全2025春季个人挑战赛-Writeup
7 hours 23 minutes ago
PolarCTF网络安全2025春季个人挑战赛-Writeup
PolarD&N--2025春季个人挑战赛--Crypto-WP
7 hours 23 minutes ago
LCGtask:普通的LCG问题,只需要逆运算求得初始种子seed即可。exp:beginnertask:原题是给定一个flag,将其转换为大整数M后左移10000位,也就是乘以2^10000,得到的十进制数的最后125位要与给定的字符串匹配。可以表达为:M * 2^10000 ≡ K (mod 10^125)其中,K是给定的那个大整数值。这里的关键是将模数分解为2^125和5^125,然后应用中
浅析:从0开始-shellCode的编写与完善
7 hours 23 minutes ago
Windows下shellCode编写与完善
从源码视角解析Arkari间接跳转混淆
7 hours 23 minutes ago
通过分析Arkari的源码,深入剖析CSEL-BR间接跳转的实现原理
Polarctf2025春季赛题解
7 hours 23 minutes ago
pwn题解
CVE-2007-2386 | Apple Mac OS X 10.4 memory corruption (VU#221876 / EDB-16871)
7 hours 23 minutes ago
A vulnerability was found in Apple Mac OS X 10.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2007-2386. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1219 | PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 Header Content-Type redirect (Nessus ID 232748)
7 hours 23 minutes ago
A vulnerability, which was classified as problematic, has been found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Type leads to open redirect.
This vulnerability is handled as CVE-2025-1219. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1736 | PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 check_has_header denial of service (Nessus ID 232748)
7 hours 23 minutes ago
A vulnerability, which was classified as problematic, was found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4. This affects the function check_has_header. The manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2025-1736. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1861 | PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 HTTP Wrapper Truncate redirect (Nessus ID 232748)
7 hours 23 minutes ago
A vulnerability has been found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 and classified as problematic. This vulnerability affects unknown code of the component HTTP Wrapper Truncate Handler. The manipulation leads to open redirect.
This vulnerability was named CVE-2025-1861. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com