N1CTF24 PHP Master Writeup 0x01 介绍在刚刚过去的N1CTF24上，... 2024-11-12 19:48:15 | 阅读: 4 | 收藏 | Sec-News 安全文摘 - govuln.com php dataform 0x500 解释器 指令

Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable 2024-11-7 16:19:46 | 阅读: 2 | 收藏 | Sec-News 安全文摘 - govuln.com

构建无密码认证：passkey入门与Go实现 请点击上方蓝字TonyBai订阅公众号！传统的密码认证一直以来都是数字时代的主流身份验证方式。然而，用户常常选择易记的弱密码并重复使用，导致账号易受攻击。密码泄露、钓鱼攻击等安全问题层出不穷，超过80... 2024-11-7 16:18:4 | 阅读: 10 | 收藏 | Sec-News 安全文摘 - govuln.com passkey webauthn username 数据

CVE-2024-9264: Grafana Remote Code Execution via SQL Expressions In my previous blog post, I examined a File-Read vulnerability in Grafana, which was introduced in... 2024-11-7 16:16:55 | 阅读: 20 | 收藏 | Sec-News 安全文摘 - govuln.com reverse payload shellfs username duckdb

protectai/vulnhuntr: Zero shot vulnerability discovery using LLMs A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis.Worl... 2024-10-22 23:4:15 | 阅读: 2 | 收藏 | Sec-News 安全文摘 - govuln.com llm vulnhuntr analysis gpt

nollium/CVE-2024-9264: Exploit for Grafana arbitrary file-read (CVE-2024-9264) Grafana Post-Auth DuckDB SQL Injection (File Read)Proof of Concept (PoC)This PoC demonstrates the... 2024-10-22 02:3:51 | 阅读: 15 | 收藏 | Sec-News 安全文摘 - govuln.com duckdb 9264 gr injection

Why Code Security Matters - Even in Hardened Environments Infrastructure hardening makes applications more resilient to attacks. These measures raise the bar... 2024-10-10 00:30:53 | 阅读: 0 | 收藏 | Sec-News 安全文摘 - govuln.com attackers uv yellow signum memory

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409) IntroductionIn this blog post, we will analyze CVE-2024-45409, a critical vulnerabi... 2024-10-5 19:14:50 | 阅读: 18 | 收藏 | Sec-News 安全文摘 - govuln.com assertion digest signedinfo oasis digestvalue

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine 首页 会员介绍... 2024-10-4 16:34:37 | 阅读: 3 | 收藏 | Sec-News 安全文摘 - govuln.com icp 20012251 审计

Java Payload 生成框架的设计与实现 一、前言    我们在实战渗透过程中，尤其是国内，遇到很多Java语言编写的站点居多，同时这里会存在很多Java漏洞场景。    例如在Shiro 550中，以Java反序列化点为漏洞入口起点，使用... 2024-9-30 14:21:49 | 阅读: 9 | 收藏 | Sec-News 安全文摘 - govuln.com payload github jndi ysomap

Clash 检测工具的原理 我在 /t/1076579 给出了 Clash 检测的在线工具，有评论希望我能说明以下其中的原理。对此比较感兴趣的，可以阅读一下本文。首先，需要了解两个术语：「同源策略」和「跨域资源共享」。... 2024-9-30 11:36:31 | 阅读: 14 | 收藏 | Sec-News 安全文摘 - govuln.com 端口 clash 浏览器 401 共享

iOS 如何按地区限制功能：浅析 MobileGestalt 与 Eligibility 如一些评论指出，今年的 iPhone 16 系列在上市时是一种奇怪的「空壳」状态：大力鼓吹的 Apple Intelligence 至少要等到十月的 iOS 18.1 中才能启用；与国内用户在短期内无... 2024-9-28 21:34:25 | 阅读: 22 | 收藏 | Sec-News 安全文摘 - govuln.com eligibility 备份 苹果

Preventing app removal on iOS You can still remove the app from Home Screen, but it is not uninstalled.... 2024-9-28 21:30:25 | 阅读: 10 | 收藏 | Sec-News 安全文摘 - govuln.com alarm superalarm approval prevented completes

探秘argv[0]：程序参数中的安全隐忧 2024-9-27 16:50:37 | 阅读: 2 | 收藏 | Sec-News 安全文摘 - govuln.com

webshell下的Rasp简易绕过 一 、什么是RASP？在2014年的时候，Gartner引入了“Runtime application self-protection”一词，简称为RASP。它是一种新型应用安全保护技术，它将保护程序... 2024-9-27 15:57:43 | 阅读: 26 | 收藏 | Sec-News 安全文摘 - govuln.com bypassrasp 拦截 shellentity splitpane

Attacking UNIX Systems via CUPS, Part I Hello friends, this is the first of two, possibly three (if and when I have time to finish the Wind... 2024-9-27 15:57:1 | 阅读: 14 | 收藏 | Sec-News 安全文摘 - govuln.com cups printer ppd ipp browsed

Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall The testing tool to identify if your domain is vulnerable to this attack is located at the end of th... 2024-9-27 15:56:6 | 阅读: 10 | 收藏 | Sec-News 安全文摘 - govuln.com webproxy vn redacted2 fastly

The real slim shady || Ivanti Endpoint Manager (EPM) Pre-Auth RCE ivanti just pushed a patch for a Critical CVSS 9.8 (Critical) Remote Code Execution Vulnerability th... 2024-9-20 17:24:53 | 阅读: 11 | 收藏 | Sec-News 安全文摘 - govuln.com remoting forshaw james mbr

解密 ClassFinal 加密的 Java Jar 包 ClassFinal 是一款 java class 文件安全加密工具，支持直接加密 jar 包或 war 包，无需修改任何项目代码，兼容 spring-framework ；可避免源码泄漏或字节码被反... 2024-9-18 20:0:42 | 阅读: 16 | 收藏 | Sec-News 安全文摘 - govuln.com classfinal decompiler roseboy classpath

Introducing the URL validation bypass cheat sheet Published: 03 September 2024 at 14:52 UTC... 2024-9-12 18:44:38 | 阅读: 2 | 收藏 | Sec-News 安全文摘 - govuln.com cheat bypass converted attacker hexadecimal