catalog . Description . Effected Scope . Exploit Analysis . Principle Of Vulnerability . Patch Fix 1. Description S2-007和S2-003.S2-005的漏洞源头都是一样的,都是struts2对OGNL的解析过程中存在漏洞,导致黑客可以通过OGNL表达式实现代码注入和执行,所不同的是 . S2-.S2-: 通过OGNL的name-value的赋值解析过程.#访问全局静态变量(AOP…

漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache Synapse(CVE-2017-15708)远程命令执行漏洞分析]  // 今年年底抽出时间看Apache的Project,也顺利完成在年初的flag   Apache Synapse Remote Code Execution Vulnerability   Severity: Importa…

目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和windows的Secure Channel (Schannel)有关 The Secure Channel (Schannel) security package is a Security Support Provider (SSP) that implements the Secure Soc…

# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability # Google Dork: N/A # Date: March, 13 2019 # Exploit Author: Eduardo Braun Prado # Vendor Homepage: http://www.microsoft.com/ # Software L…

# Exploit Title: Apache Superset < 0.23 - Remote Code Execution # Date: 2018-05-17 # Exploit Author: David May (david.may@semanticbits.com) # Vendor Homepage: https://superset.apache.org/ # Software Link: https://github.com/apache/incubator-superset…

# Exploit Title: ThinkPHP .x < v5.0.23,v5.1.31 Remote Code Execution # Date: -- # Exploit Author: VulnSpy # Vendor Homepage: https://thinkphp.cn # Software Link: https://github.com/top-think/framework/ # Version: v5.x below v5.0.23,v5.1.31 # CVE: N/A…

catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 MyBB's unset_globals() function can be bypassed under special conditions and it is possible to allows remote code execution. Relevant Link: https://cxsecurity.com/issue/WLB-2015120164…

Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed. If you're running Elasticsearch in development please read the instructions on how to se…

本文简要记述一下Roundcube 1.2.2远程代码执行漏洞的复现过程. 漏洞利用条件 Roundcube必须配置成使用PHP的mail()函数(如果没有指定SMTP,则是默认开启) PHP的mail()函数配置使用sendmail(默认开启) 关闭PHP配置文件中的safe_mode(默认开启) 攻击者必须知道或者猜出网站根目录的[绝对路径] 需要有一个可登陆的[账号密码account] 影响版本 1.1.x < 1.1.7 1.2.x < 1.2.3 环境搭建 请参考:CentOS6 安…

一.  Home Web Server 1.9.1 build 164 - CGI Remote Code Execution复现 漏洞描述: Home Web Server允许调用CGI程序来通过POST请求访问位于/cgi-bin下的文件,然后通过目录遍历,就有可能执行远程主机的任意可执行程序. 漏洞影响范围: Home Web Server 1.9.1 build 164 漏洞复现: 利用原理: NC连接发送打开计算器请求,安装Home Web Server 1.9.1 build 164…