unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
PHP-FPM local root vulnerability (CVE-2021-21703)
该漏洞(CVE-2021-21703)存在于PHP-FPM中,允许低权限用户通过共享内存中的指针数组提升至root权限。攻击者可利用此漏洞修改主进程的内存结构,导致特权升级。修复措施包括更改共享内存中的数据结构以防止此类攻击。...
2021-10-21 07:0:0 | 阅读: 6 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
php
procs
memory
crash
zcg
DanaBot Communications Update
Since the last blog post from Proofpoint about the version 4 of DanaBot, the new samples available i...
2021-09-21 01:00:00 | 阅读: 32 |
收藏
|
blog.lexfo.fr
a77
t7ps
p9z
y9z
b77
Dridex Loader Analysis
IntroductionDridex is an old banking Trojan that appeared in 2014 and is still very active today. Th...
2021-04-07 01:00:00 | 阅读: 100 |
收藏
|
blog.lexfo.fr
crc32
mutex
windows
arc4
dridex
Laravel <= v8.4.2 debug mode: Remote code execution
这篇文章描述了Laravel框架中Ignition包的一个安全漏洞。该漏洞允许攻击者通过构造特定的URL路径,在服务器上执行任意代码。攻击者可以利用PHP的phar://过滤器和ftp协议来实现远程代码执行。最终,该漏洞被修复,并提供了CVE编号和修复建议。...
2021-1-12 08:0:0 | 阅读: 9 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
00a
php
00b
payload
00q
Remote code execution on Sqreen: exploiting the microagent
When Charles reached out to me to disclose this issue, we decided to react with one goal in mind: pr...
2020-11-19 08:0:0 | 阅读: 7 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
sqreen
binaryvalue
bv
python
ary
Secret fragments: Remote code execution on Symfony based websites
这篇文章讨论了Symfony框架中的FragmentListener类及其相关安全问题。由于该类允许通过GET参数设置请求属性以执行任意PHP代码,并依赖HMAC签名进行保护,而默认或弱密钥配置使其易受攻击。攻击者可利用文件读取、SSRF或其他低影响漏洞获取密钥,并通过构造有效签名URL实现远程代码执行。文章强调了正确配置密钥的重要性,并指出即使使用最新版本的Symfony,默认或弱密钥仍可能带来风险。...
2020-10-18 22:0:0 | 阅读: 7 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
symfony
fragment
php
ezpublish
Lockbit analysis
IntroductionIn this article, we will talk briefly about the LockBit features and focus on the differ...
2020-10-03 01:00:00 | 阅读: 80 |
收藏
|
blog.lexfo.fr
assignblk
0x423ee0
memory
buff
instr
Pentesting a banking FTP service
IntroductionA classical penetration test requires skills to assess a large variety of weaknesses, of...
2020-03-25 02:00:00 | 阅读: 78 |
收藏
|
blog.lexfo.fr
parm
lit
payload
allo
sig
Whitepaper: The Lazarus Constellation - A study on North-Korean malware
For years, Lazarus activities were seen as acts of cyberterrorism and vandalism, since most of them...
2020-03-09 22:00:00 | 阅读: 66 |
收藏
|
blog.lexfo.fr
whitepaper
acts
destruction
lexfo
download
Breaking PHP's mt_rand() with 2 values and no bruteforce
在渗透测试中发现了一个使用PHP的Mersenne Twister生成随机数的漏洞。作者证明了通过两个mt_rand()输出即可恢复种子,进而预测所有随机数,导致潜在的安全风险。...
2020-1-6 09:20:0 | 阅读: 9 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
php
scrambled
twist
s227
undo
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
文章描述了Magento电子商务平台中的一个未认证SQL注入漏洞,该漏洞存在于其ORM和数据库管理代码中。攻击者可通过构造特定请求利用此漏洞执行SQL注入攻击,进而读取数据库内容或获取管理员权限。该漏洞已存在多年,修复方案简单但影响深远。...
2019-3-28 23:0:0 | 阅读: 8 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
fieldname
magento
Exploiting Drupal8's REST RCE
Drupal 8 REST模块存在远程代码执行漏洞,攻击者可通过未认证的GET请求触发,利用反序列化机制实现代码注入。官方补丁不完全,建议升级或禁用模块以修复漏洞。...
2019-2-22 17:0:0 | 阅读: 6 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
drupal
hal
unserialize
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 1/4)
This series covers a step-by-step walkthrough to develop a Linux kernel exploit from a CVE descripti...
2018-10-02 13:00:00 | 阅读: 63 |
收藏
|
blog.lexfo.fr
netlink
mq
sigev
attachskb
fget
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 2/4)
The previous article provided a detailed analysis of the CVE-2017-11176 bug (aka. "mq_notify: double...
2018-10-02 13:00:00 | 阅读: 63 |
收藏
|
blog.lexfo.fr
netlink
unblock
wake
attachskb
15981
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 3/4)
In the previous article, we implemented a proof-of-concept that triggers the bug from userland, drop...
2018-10-02 13:00:00 | 阅读: 57 |
收藏
|
blog.lexfo.fr
netlink
slab
kmalloc
cmsg
CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 4/4)
In this final part, we will transform the arbitrary call primitive (cf. part 3) into arbitrary code...
2018-10-02 13:00:00 | 阅读: 59 |
收藏
|
blog.lexfo.fr
netlink
nl
userland
memory
hlist
PrestaShop 1.6 Privilege Escalation
PrestaShop存在会话cookie加密缺陷,攻击者可读取和篡改会话数据,导致客户或员工会话被劫持。该漏洞利用CRC32校验和和 Blowfish/AES 加密的缺陷,允许攻击者窃取敏感信息、获取管理员权限并执行代码。受影响版本为 1.6.1.19 及以下,已在 2018 年修复。...
2018-7-16 08:20:0 | 阅读: 13 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
crc
prestashop
k1
k0
kvp
PHP Generic Gadget Chains: Exploiting unserialize in unknown environments
文章介绍了利用`unserialize()`函数进行攻击的技术,并推出PHPGGC工具,用于生成针对常见PHP框架和库的gadget链payload。该工具支持Laravel、Symfony、Monolog等框架,并可通过命令行或编程方式生成payload。...
2017-7-4 08:20:0 | 阅读: 7 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
slim
pimple
monolog
unserialize
phpggc
Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell
文章描述了一种通过Oracle PeopleSoft中的XXE漏洞结合Apache Axis SSRF(服务器端请求伪造)技术实现远程代码执行的方法。攻击者利用XXE漏洞获取本地端口信息,并通过Axis服务部署LogHandler,在Web根目录下写入恶意JSP文件,最终获得SYSTEM权限的远程控制能力。...
2017-5-17 08:20:0 | 阅读: 5 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
soapenv
payload
ns1
envelope
axis
TYPO3 News module SQL Injection
TYPO3 News模块存在SQL注入漏洞,默认启用且未修复。攻击者可通过控制orderByAllowed参数构造恶意SQL语句提取敏感数据。尽管开发团队已收到报告但未及时修复,默认配置下仍可被利用。...
2017-4-6 08:20:0 | 阅读: 6 |
收藏
|
Lexfo's security blog - blog.lexfo.fr
payload
injection
typo3
Previous
3
4
5
6
7
8
9
10
Next