Aggregator

文章描述了一个简单的CTF挑战，目标是获得系统管理员权限。作者通过检查页面内容或点击按钮成功获取了管理员访问权限。

这篇文章讨论了如何在银行系统中通过特定操作使账户余额变为负数，目标是通过添加正数金额来实现这一目标，并详细介绍了相关挑战和解决方法。

文章讨论了Web缓存中毒攻击的概念及其潜在影响。通过分析常见漏洞、测试方法及防御措施，揭示了如何利用未正确处理的请求头或参数注入恶意内容，并介绍了检测工具如Param Miner和WCVS等。同时强调了正确配置缓存键的重要性以防止此类攻击。

作者通过工具发现一个配置错误的表单和GraphQL端点,导致浏览器泄露其他用户的密码。

作者通过工具组合进行大规模信息收集时发现一个配置错误的表单和GraphQL端点导致浏览器泄露其他用户密码。

文章解释了跨站请求伪造（CSRF）攻击的工作原理：利用浏览器自动附带认证信息（如会话cookie）和服务器无法区分请求来源的特点，在用户不知情的情况下执行恶意操作（如银行转账）。

文章描述了BlackHat Bugcrowd CTF 2025中的一个挑战，通过Cookie Manipulation技术获取管理员权限以访问特殊笔记中的flag。

文章介绍了如何绕过常见的403 Forbidden和401 Unauthorized错误，解释了这些错误的原因，并提供了通过改变HTTP方法等技巧来解决这些问题的方法。

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. This vulnerability was named CVE-2025-8790. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2025-8789. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. This vulnerability is handled as CVE-2025-8788. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. This vulnerability is known as CVE-2025-8787. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the file /registros-de-conteudos-por-areas-de-conhecimento/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. This vulnerability is traded as CVE-2025-8786. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The identification of this vulnerability is CVE-2025-8785. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. This vulnerability was named CVE-2025-8784. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.  The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and

研究人员发现CyberArk和HashiCorp的企业安全产品存在14个高危漏洞（统称为Vault Fault），包括身份验证绕过、权限提升和远程代码执行等。这些漏洞可能导致攻击者无需有效凭证即可控制企业系统并窃取敏感数据。相关厂商已发布补丁修复这些问题。

Submit #625918 / VDB-319318

Submit #625917 / VDB-319317

Submit #625799 / VDB-319316