Aggregator

ProxyToken Vulnerability Hits Zero-Day Initiative Program(link is external)

X-Force Exchange - Collection Feed
3 years 6 months ago
Summary A new vulnerability named ProxyToken has been disclosed by the Zero-Day Initiative Blog. Like ProxyShell, this vulnerability targets Microsoft Exchange servers. Overview A new vulnerability in Microsoft Exchange named ProxyToken has been observed by researchers and disclosed to the Zero-Day Initiative program. The vulnerability allows attackers to skip authentication and change an Exchange server's backend configuration. According to Le Xuan Tuyen, the original researcher credited for discovering th

Backdoor users on Linux with uid=0(link is external)

Embrace The Red
3 years 6 months ago
On Unix/Linux users with a uid=0 are root. This means any security checks are bypassed for them. An adversary might go ahead and create a new account, or set an existing account’s user identifier (uid) or group identifier to zero. A simple way to do this is to update /etc/passwd of an account, or use usermod -u 0 -o mallory. Let’s create a new user named mallory: wuzzi@saturn:/$ sudo adduser mallory [.

以太坊EIP-1559总结(link is external)

Exploit的小站~
3 years 6 months ago
一、概要 EIP-1559主要提出了区块BaseFee的概念,有以下特点: (1)basefee是动态变化的,用来指定gas的基础费用 (2)变化幅度和方向由一个公式算出,和之前区块的gas实际消耗以及gas target值(gasLimit / ELASTICITY_MULTIPLIER 乘数)决定 (3)当区块的gas目标值变大时,basefee会变大,否则会变小 (4)basefee的手续费会销毁,不会给矿工 (5)交易规定了用户愿意支付给矿工的每个gas的最高费用,以便于让矿工优先打包自
u011721501

Managed ad