PHP Generic Gadget Chains: Exploiting unserialize in unknown environments The use of unserialize() with unsafe input has been for years a very present vulnerability, and many... 2017-07-04 17:20:00 | 阅读: 17 | 收藏 | www.ambionics.io slim pimple phpggc monolog unserialize

Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell The article was updated on September 2018 with a more generic way to exploit the AXIS-SSRF combo. Yo... 2017-05-17 17:20:00 | 阅读: 23 | 收藏 | www.ambionics.io soapenv payload ns1 envelope axis

TYPO3 News module SQL Injection The News module, the 20th most used module of TYPO3, is subject to an SQL injection vulnerability. A... 2017-04-06 17:20:00 | 阅读: 12 | 收藏 | www.ambionics.io payload injection typo3

Drupal 7.x Services module unserialize() to RCE 08 March, 2017Posted By Charles Fol drupal module unserialize services exploit vulnerability details... 2017-03-09 03:20:00 | 阅读: 15 | 收藏 | www.ambionics.io drupal php ux injection

Grails PDF Plugin XXE Some times ago the Ambionics team encountered a very old instance of Grails, a Groovy based MVC fram... 2017-02-21 18:20:00 | 阅读: 11 | 收藏 | www.ambionics.io pdfform bounce attacker grails baseuri

CVE-2016-9838 - Joomla! Account Takeover & Remote Code Execution IntroductionJoomla! has been the target of several critical vulnerabilities during last year:[201610... 2017-01-20 18:20:00 | 阅读: 16 | 收藏 | www.ambionics.io joomla username jform php bs4