How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System Hi! This is the case study in my Black Hat USA 2018 and DEFCON 26 talk, you can also check slides... 2018-8-11 04:10:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com seam nuxeo bypass security

Google CTF 2018 Quals Web Challenge - gCalc gCalc is the web challenge in Google CTF 2018 quals and only 15 teams solved during 2 days’ comp... 2018-6-27 15:40:0 | 阅读: 3 | 收藏 | Orange - orange-tw.blogspot.com gcalc2 payload ans

Pwn a CTF Platform with Java JRMP Gadget 打 CTF 打膩覺得沒啥新鮮感嗎，來試試打掉整個 CTF 計分板吧!前幾個月，剛好看到某個大型 CTF 比賽開放註冊，但不允許台灣參加有點難過 :(看著官網最下面發現是 FlappyPig 所主辦，... 2018-3-26 20:0:0 | 阅读: 3 | 收藏 | Orange - orange-tw.blogspot.com shiro 漏洞 一個 classloader 實現

PHP CVE-2018-5711 - Hanging Websites by a Harmful GIF Author: Orange Tsai(@orange_8361) from DEVCORERecently, I reviewed several Web frameworks and l... 2018-1-21 23:21:0 | 阅读: 0 | 收藏 | Orange - orange-tw.blogspot.com php getcode scd

How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Hi, it’s been a long time since my last blog post.In the past few months, I spent lots of time... 2017-7-28 14:0:0 | 阅读: 5 | 收藏 | Orange - orange-tw.blogspot.com github ssrf payload nogg graphite