Aggregator

前几天AK了个腾讯的T-Star高校挑战赛，题目比较偏向Misc和Web，这里记录一下解题过程。

It’s all too common that IT security tools and practices come at the cost of productivity. Even physical security has this trade-off. There would be no rush to arrive at the airport an hour early if it weren’t for the extensive security measures that flying entails. As a result of this trade-off, our concern often isn’t if we can increase security in our networks — rather, it’s if the increased security is worth the impact on the business.

Summary A critical flaw in Atlassian's Jira software that could be used to bypass authentication has been identified. Atlassian has issued an advisory detailing the versions vulnerable to the exploit. Threat Type Vulnerability Overview Be advised that X-Force Incident Command is tracking the disclosure of an authentication bypass vulnerability in Jira's web authentication framework, Seraph. Tracked as CVE-2022-0540 , the vulnerability scores a 9.9 CVSS score. A specially crafted HTTP request sent to vulnera

WSO2 proxy SSRF漏洞 WSO2-2019-0598

前言 CVE-2022-22947是Spring Cloud Gateway的一个SpEL命令注入漏洞，前一阵 …

继续阅读“CVE-2022-22947 注入哥斯拉内存马”

生擒0Day，活捉Botbet