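Memory Shell Injection via Expression Languages (Part 1) Preface: Throughout vulnerability research and attack/defense work, we find that expression language injection vulnerabilities come up often, and to hold access stably it becomes unavoidable to inject a memory shell. Overview of the expression languages: The expression languages tested in this article are all common Java expression languages or common templates, six in total, as follows: EL, OGNL, SPEL, Thymeleaf, Velocity, FreeMarker. Introduction to the expression languages: EL expressions: The full name of EL is Expression 2024-03-01 Study notes #java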
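Java_JDBC(commonscollection3.2.2)Bypass 0x01 Analyzing the challenge: A quick pass over the information: visiting the challenge gives a connection test page. The attachment provided with the challenge is as follows: It is easy to see that the point being tested is DB2 JNDI injection. The payload for hitting JNDI through DB2 looks roughly like this: jdbc:db2://127.0.0.1:50001/db:clientRerouteServerListJNDIName=ldap://127.0.0 2023-12-29 rce #CTF #Bypass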
CVE-2023-41544(JeecgBoot FreeMarker SSTI) Description: The JeecgBoot/jeecg boot/jmreport/loadTableData API interface does not have identity verification. Freemarker is used to process SQL parameters passed in by the user, and arb 2023-09-18 CVE #CVE #JeecgBoot #code-audit
CVE-2023-41543(JeecgBoot Sql Injection) Description: JEECG Boot v3.5.3 was discovered to contain a SQL injection in /sys/replicate/check Affected version: JeecgBoot <= v3.5.3 Vulnerability Analysis: It was found that the fr 2023-09-18 CVE #CVE #JeecgBoot #code-audit
CVE-2022-22972(VM_access_Identity_authentication_bypass) Vulnerability Description: VMware is a provider of global desktop to data center virtualization solutions, offering products including our most familiar VMware Workstation, a desktop virtual computing s 2023-09-18 CVE #CVE #code-audit #VMware
CVE-2023-41542(JeecgBoot Sql Injection) Description: JEECG Boot v3.5.3 was discovered to contain a SQL injection in /jeecg boot/jmreport/qurestSql Affected version: JeecgBoot <= v3.5.3 Vulnerability Analysis: It was found t 2023-09-15 CVE #CVE #JeecgBoot #code-audit
Command Execution Bypass: Command execution bypass without letters or digits: if(!preg_match('/[a-z0-9]/is',$_GET['shell'])){ eval($_GET['shell']);} 1. XOR: $_=('%01'^'`' 2022-07-14 rce #WAF-bypass #rce
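SQL Injection Bypass: Today I will summarize the main filtering problems I have run into so far in SQL injection. 0x00 Basic problem: In SQL injection, to prevent injection, the code generally filters or blocks input characters. Filtering means the input content is deleted or replaced with other characters; blocking means that once the specified content is detected, an error is returned directly and no further processing is done. 0x01 and/or: 1. Try bypassing by doubling the keyword or mixing case 2. Substitute operators: &&, || 3. The ^ operator, for example: ?id 2022-06-16 sql #sql #WAF-bypass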