Advisory: Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting discovered that the shell function "getopt_simple",as presented in the "Advanced Bash-Scripting Guide", allows execution ofattacker-controlled comman…
目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和windows的Secure Channel (Schannel)有关 The Secure Channel (Schannel) security package is a Security Support Provider (SSP) that implements the Secure Soc…
Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed. If you're running Elasticsearch in development please read the instructions on how to se…
# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability # Google Dork: N/A # Date: March, 13 2019 # Exploit Author: Eduardo Braun Prado # Vendor Homepage: # Software L…
catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 MyBB's unset_globals() function can be bypassed under special conditions and it is possible to allows remote code execution. Relevant Link:…
测试方法: 本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负! /* Apache Magica by Kingcope */ /* gcc apache-magika.c -o apache-magika -lssl */ /* This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the…
In Chapter 1, Getting Started, we noted that $(document).ready()was jQuery's primary way to perform tasks on page load. It is not, however, the only method at our disposal. The native window.onloadevent can achieve a similar effect. While the two met…
本文简要记述一下Roundcube 1.2.2远程代码执行漏洞的复现过程. 漏洞利用条件 Roundcube必须配置成使用PHP的mail()函数(如果没有指定SMTP,则是默认开启) PHP的mail()函数配置使用sendmail(默认开启) 关闭PHP配置文件中的safe_mode(默认开启) 攻击者必须知道或者猜出网站根目录的[绝对路径] 需要有一个可登陆的[账号密码account] 影响版本 1.1.x < 1.1.7 1.2.x < 1.2.3 环境搭建 请参考:CentOS6 安…
# Exploit Title: Apache Superset < 0.23 - Remote Code Execution # Date: 2018-05-17 # Exploit Author: David May ( # Vendor Homepage: # Software Link:…
# Exploit Title: ThinkPHP .x < v5.0.23,v5.1.31 Remote Code Execution # Date: -- # Exploit Author: VulnSpy # Vendor Homepage: # Software Link: # Version: v5.x below v5.0.23,v5.1.31 # CVE: N/A…