[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai (@orange_8361)  |  繁體中文版本  |  English VersionHey there! This is my research on Apache HT... 2024-8-9 11:0:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com php proxy rewriterule confusion redmine

[中文] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai (@orange_8361)  |  繁體中文版本  |  English Version嗨，這是我今年發表在 Black Hat USA 2024 上針對 Apache HT... 2024-8-9 11:0:0 | 阅读: 8 | 收藏 | Orange - orange-tw.blogspot.com php 一個 這個 模組 攻擊

CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again! This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believ... 2024-6-7 06:0:0 | 阅读: 5 | 收藏 | Orange - orange-tw.blogspot.com xampp windows php devcore bypassed

從 2013 到 2023: Web Security 十年之進化與趨勢! TL;DR for Hackers & Researchers: this is a more conceptual talk for web developers. All are in Manda... 2023-8-12 16:0:0 | 阅读: 2 | 收藏 | Orange - orange-tw.blogspot.com 攻擊 一個 安全 應用 開始

A New Attack Surface on MS Exchange Part 4 - ProxyRelay! This is a cross-post blog from DEVCORE. You can check the series on: A New Attack Su... 2022-10-19 15:58:0 | 阅读: 1 | 收藏 | Orange - orange-tw.blogspot.com exchange microsoft frontend machine

Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! Hi, this is my fifth time speaking at Black Hat USA and DEFCON. You can get the slide copy and vi... 2022-8-18 00:0:0 | 阅读: 3 | 收藏 | Orange - orange-tw.blogspot.com microsoft orange bypass lkrhash

A New Attack Surface on MS Exchange Part 3 - ProxyShell! Author: Orange Tsai(@orange_8361) from DEVCORE P.S. This is a cross-post... 2021-8-18 23:8:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com exchange pwn2own orange microsoft initiative

A New Attack Surface on MS Exchange Part 2 - ProxyOracle! Author: Orange Tsai(@orange_8361)P.S. This is a cross-post blog from DEVCORE... 2021-8-6 23:57:0 | 阅读: 2 | 收藏 | Orange - orange-tw.blogspot.com exchange fba client

A New Attack Surface on MS Exchange Part 1 - ProxyLogon! Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE... 2021-8-6 23:57:0 | 阅读: 2 | 收藏 | Orange - orange-tw.blogspot.com exchange frontend proxylogon httpcontext proxy

A Journey Combining Web Hacking and Binary Exploitation in Real World! Hi, this blog post is just a short post to address the technique part in one of my Red Team cases... 2021-2-24 15:0:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com slides php phpwind combining techday

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM Author: Orange TsaiThis is a cross-post blog from DEVCORE. 中文版請參閱這裡 Hi, it’s a long time si... 2020-9-12 17:25:0 | 阅读: 6 | 收藏 | Orange - orange-tw.blogspot.com mdm jndi mobileiron groovy injection

你用它上網，我用它進你內網! 中華電信數據機遠端代碼執行漏洞 For non-native readers, this is a writeup of my DEVCORE Conference 2019 talk. Describe a misconfi... 2019-11-11 18:15:0 | 阅读: 3 | 收藏 | Orange - orange-tw.blogspot.com 漏洞 一個 我們 數據 數據機

An analysis and thought about recently PHP-FPM RCE(CVE-2019-11043) First of all, this is such a really interesting bug! From a small memory defect to code execution... 2019-10-30 00:45:0 | 阅读: 3 | 收藏 | Orange - orange-tw.blogspot.com php fcgi fastcgi seg peda

Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from DEV... 2019-9-2 22:0:0 | 阅读: 1 | 收藏 | Orange - orange-tw.blogspot.com pulse perl dana injection security

Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN Author: Meh Chang(@mehqq_) and Orange Tsai(@orange_8361)This is also the cross-post blog from DEVC... 2019-8-10 04:53:0 | 阅读: 6 | 收藏 | Orange - orange-tw.blogspot.com overflow fortigate handshake junk crash

Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study! Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)P.S. This is a cross-post blog from D... 2019-7-17 20:27:0 | 阅读: 8 | 收藏 | Orange - orange-tw.blogspot.com sslmgr alto palo scep

A Wormable XSS on HackMD! 在 Web Security 中，我喜歡伺服器端的漏洞更勝於客戶端的漏洞!(當然可以直接拿 shell 的客戶端洞不在此限XD) 因為可以直接控制別人的伺服器對我來說更有趣! 正因如此，我以往的... 2019-3-12 20:0:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com hackmd 這個 標籤 註解 一個

Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE! This is also a cross-post blog from DEVCORE, this post is in English, 而這裡是中文版本!#2019-02-22-updat... 2019-2-19 20:0:0 | 阅读: 4 | 收藏 | Orange - orange-tw.blogspot.com groovy jenkins orange restlet grab

Hacking Jenkins Part 1 - Play with Dynamic Routing This is a cross-post blog from DEVCORE, this post is in English, 而這裡是中文版本!# Part two is out, plea... 2019-1-16 20:10:0 | 阅读: 1 | 收藏 | Orange - orange-tw.blogspot.com jenkins security bypass anonymous

HITCON CTF 2018 - One Line PHP Challenge In every year’s HITCON CTF, I will prepare at least one PHP exploit challenge which the source co... 2018-10-24 00:19:0 | 阅读: 1 | 收藏 | Orange - orange-tw.blogspot.com php solved tragedy iamorange bypass