unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Introducing lightyear: a new way to dump PHP files
PHP filter chains are, in my opinion, an amazing research subject, as they seem to offer an infinite...
2024-11-4 16:0:0 | 阅读: 5 |
收藏
|
Ambionics - www.ambionics.io
digit
iconv
4a
5a
dechunk
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for...
2024-9-30 15:0:0 | 阅读: 9 |
收藏
|
Ambionics - www.ambionics.io
php
brigade
buckets
memory
0x400
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for...
2024-6-17 15:0:0 | 阅读: 17 |
收藏
|
Ambionics - www.ambionics.io
php
iconv
rcube
rcmail
roundcube
Scalpel: a Burp Suite extension to edit HTTP traffic, in Python 3
Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the...
2024-6-5 20:0:0 | 阅读: 24 |
收藏
|
Ambionics - www.ambionics.io
burp
scalpel
python
encryption
repeater
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for...
2024-5-27 15:0:0 | 阅读: 5 |
收藏
|
Ambionics - www.ambionics.io
iconv
php
utf7
855
buckets
Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix
wrapwrap marks another improvement to the PHP filter exploitation saga. Adding arbitrary prefixes to...
2023-12-11 07:0:0 | 阅读: 4 |
收藏
|
Ambionics - www.ambionics.io
iconv
php
digit
triplet
payload
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
On November 21th 2023, Owncloud released a new version patching two vulnerabilities (1 and 2) we rep...
2023-12-4 07:0:0 | 阅读: 3 |
收藏
|
Ambionics - www.ambionics.io
oc
owncloud
dav
verifier
Unserializable, but unreachable: Remote code execution on vBulletin
In late August of 2022, we reported a pre-authentication remote code execution vulnerability to vBul...
2023-1-31 16:0:0 | 阅读: 24 |
收藏
|
Ambionics - www.ambionics.io
vb
vbulletin
datamanager
php
unserialize
Blind exploits to rule WatchGuard firewalls
AbstractIntroductionInitial footholdAttack surfaceXML-RPC parsingVulnerability #1: Blind alphanumeri...
2022-8-29 06:0:0 | 阅读: 14 |
收藏
|
www.ambionics.io
realloc
2gb
fig
arena
mmapped
Hacking Root-Me: SPIP SQL injection leading to RCE (challenge)
SPIP version 4.0.1 was released on Wednesday, December 15 2021, in order to patch a vulnerability in...
2022-1-12 07:0:0 | 阅读: 10 |
收藏
|
Ambionics - www.ambionics.io
spip
g0uz
hiring
security
hesitate
PHP-FPM local root vulnerability
IntroductionOverview of the bugOverview of PHP-FPMMain process and workersScoreboardsIPC through SHM...
2021-10-25 19:29:40 | 阅读: 131 |
收藏
|
www.ambionics.io
php
procs
memory
zcg
crash
PHP-FPM local root vulnerability
IntroductionOverview of the bugOverview of PHP-FPMMain process and workersScoreboardsIPC through SHM...
2021-10-21 07:0:0 | 阅读: 7 |
收藏
|
www.ambionics.io
php
procs
memory
zcg
crash
Laravel <= v8.4.2 debug mode: Remote code execution
In late November of 2020, during a security audit for one of our clients, we came accross a website...
2021-1-12 08:0:0 | 阅读: 11 |
收藏
|
www.ambionics.io
00a
php
00b
payload
00q
Remote code execution on Sqreen: exploiting the microagent
When Charles reached out to me to disclose this issue, we decided to react with one goal in mind: pr...
2020-11-19 17:00:00 | 阅读: 16 |
收藏
|
www.ambionics.io
sqreen
binaryvalue
bv
python
ary
Secret fragments: Remote code execution on Symfony based websites
Since its creation in 2008, the use of the Symfony framework has been growing more and more in PHP b...
2020-10-19 07:00:00 | 阅读: 22 |
收藏
|
www.ambionics.io
symfony
fragment
php
ezpublish
Breaking PHP's mt_rand() with 2 values and no bruteforce
While performing a pentest on an old website, we encountered a piece of code that we had not seen in...
2020-01-06 18:20:00 | 阅读: 16 |
收藏
|
www.ambionics.io
php
scrambled
twist
s227
undo
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
After attacking PrestaShop several months ago, my next target of choice was another eCommerce platfo...
2019-06-10 13:13:13 | 阅读: 34 |
收藏
|
www.ambionics.io
fieldname
magento
Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi
After attacking PrestaShop several months ago, my next target of choice was another eCommerce platfo...
2019-3-28 23:0:0 | 阅读: 10 |
收藏
|
www.ambionics.io
fieldname
magento
Exploiting Drupal8's REST RCE
Once again, an RCE vulnerability emerges on Drupal's core. This time it is targeting Drupal 8's REST...
2019-02-23 02:00:00 | 阅读: 17 |
收藏
|
www.ambionics.io
drupal
hal
unserialize
PrestaShop 1.6 Privilege Escalation
Instead of using the usual PHP session ID and storing data locally, PrestaShop stores session data i...
2018-07-16 17:20:00 | 阅读: 14 |
收藏
|
www.ambionics.io
crc
prestashop
k1
k0
kvp
Previous
-20
-19
-18
-17
-16
-15
-14
-13
Next