[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai (@orange_8361)  |  繁體中文版本  |  English VersionHey there! This is my research on Apache HT... 2024-8-9 11:0:0 | 阅读: 2 | 收藏 | Orange - blog.orange.tw php proxy rewriterule confusion redmine

[中文] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai (@orange_8361)  |  繁體中文版本  |  English Version嗨，這是我今年發表在 Black Hat USA 2024 上針對 Apache HT... 2024-8-9 11:0:0 | 阅读: 5 | 收藏 | Orange - blog.orange.tw php 一個 這個 模組 攻擊

CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again! This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believ... 2024-6-7 06:0:0 | 阅读: 1126 | 收藏 | Orange - blog.orange.tw xampp php windows preparing devcore

從 2013 到 2023: Web Security 十年之進化與趨勢! TL;DR for Hackers & Researchers: this is a more conceptual talk for web developers. All are in Manda... 2023-8-12 16:0:0 | 阅读: 24 | 收藏 | Orange - blog.orange.tw 攻擊 一個 應用 安全 開發

A New Attack Surface on MS Exchange Part 4 - ProxyRelay! This is a cross-post blog from DEVCORE. You can check the series on: A New Attack Su... 2022-10-19 15:58:0 | 阅读: 8 | 收藏 | blog.orange.tw exchange microsoft frontend machine

Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! Hi, this is my fifth time speaking at Black Hat USA and DEFCON. You can get the slide copy and vi... 2022-8-18 00:0:0 | 阅读: 20 | 收藏 | blog.orange.tw microsoft orange bypass 30209

A New Attack Surface on MS Exchange Part 3 - ProxyShell! Author: Orange Tsai(@orange_8361) from DEVCORE P.S. This is a cross-post b... 2021-08-19 00:08:00 | 阅读: 68 | 收藏 | blog.orange.tw exchange initiative zdi pwn2own microsoft

Orange: A New Attack Surface on MS Exchange Part 1 - ProxyLogon! Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE... 2021-08-07 00:57:27 | 阅读: 69 | 收藏 | blog.orange.tw exchange frontend proxylogon httpcontext proxy

A New Attack Surface on MS Exchange Part 1 - ProxyLogon! Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE... 2021-8-6 15:57:0 | 阅读: 16 | 收藏 | blog.orange.tw exchange frontend httpcontext proxylogon microsoft

A New Attack Surface on MS Exchange Part 2 - ProxyOracle! Author: Orange Tsai(@orange_8361)P.S. This is a cross-post blog from DEVCORE... 2021-8-6 15:57:0 | 阅读: 16 | 收藏 | blog.orange.tw exchange fba username

A Journey Combining Web Hacking and Binary Exploitation in Real World! Hi, this blog post is just a short post to address the technique part in one of my Red Team cases... 2021-02-24 16:00:00 | 阅读: 97 | 收藏 | blog.orange.tw slides combining php phpwind hong

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM Author: Orange TsaiThis is a cross-post blog from DEVCORE. 中文版請參閱這裡 Hi, it’s a long time si... 2020-09-12 18:25:00 | 阅读: 57 | 收藏 | blog.orange.tw mdm jndi mobileiron groovy injection

Orange: 你用它上網，我用它進你內網! 中華電信數據機遠端代碼執行漏洞 For non-native readers, this is a writeup of my DEVCORE Conference 2019 talk. Describe a misconfi... 2019-11-12 13:58:57 | 阅读: 94 | 收藏 | blog.orange.tw 漏洞 一個 我們 數據機 數據

An analysis and thought about recently PHP-FPM RCE(CVE-2019-11043) First of all, this is such a really interesting bug! From a small memory defect to code execution... 2019-10-30 01:45:00 | 阅读: 53 | 收藏 | blog.orange.tw php fcgi fastcgi seg peda

Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from DEV... 2019-09-02 23:00:00 | 阅读: 49 | 收藏 | blog.orange.tw pulse perl dana security injection

Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN Author: Meh Chang(@mehqq_) and Orange Tsai(@orange_8361)This is also the cross-post blog from DEVC... 2019-08-10 05:53:00 | 阅读: 71 | 收藏 | blog.orange.tw overflow fortigate handshake junk crash

Orange: Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from D... 2019-07-18 15:32:01 | 阅读: 125 | 收藏 | blog.orange.tw alto sslmgr palo uber

Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from D... 2019-07-17 21:27:00 | 阅读: 52 | 收藏 | blog.orange.tw alto sslmgr palo scep

Orange: Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from D... 2019-07-17 21:08:07 | 阅读: 114 | 收藏 | blog.orange.tw alto sslmgr palo scep

A Wormable XSS on HackMD! 在 Web Security 中，我喜歡伺服器端的漏洞更勝於客戶端的漏洞!(當然可以直接拿 shell 的客戶端洞不在此限XD) 因為可以直接控制別人的伺服器對我來說更有趣! 正因如此，我以往的... 2019-03-12 21:00:00 | 阅读: 62 | 收藏 | blog.orange.tw hackmd 標籤 這個 註解 一個