Week 13 / 20211227 Red Team Digest
2021-12-27 23:36:51 Author: mp.weixin.qq.com


Signup PHP Portal 2.1 Shell Upload

https://cxsecurity.com/issue/WLB-2021120088

Video Sharing Website 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2021120089

Bazaar Web PHP Social Listings Shell Upload

https://cxsecurity.com/issue/WLB-2021120090

WBCE CMS 1.5.1 Admin Password Reset

https://cxsecurity.com/issue/WLB-2021120091

Exponent CMS 2.6 Multiple Vulnerabilities

https://cxsecurity.com/issue/WLB-2021120092

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

https://cxsecurity.com/issue/WLB-2021120093

WordPress Popular Posts 5.3.2 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120094

Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service

https://cxsecurity.com/issue/WLB-2021120095

phpKF CMS 3.00 Beta y6 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120096

HRVAC Consulting Engineering Israel SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120097

Backdoor.Win32.Visiotrol.10 / Insecure Password Storage

https://cxsecurity.com/issue/WLB-2021120098

Generates reports on various aspects of AD, for use in security management or consulting.

https://github.com/ziesemer/ad-privileged-audit#execution

SQLbit - an automation script for boolean-based blind SQL injection

https://github.com/Sunlight-Rim/sqlbit

https://github.com/daddycocoaman/turdshovel

https://github.com/S3cur3Th1sSh1t/MultiPotato

A small asset-processing tool for attack/defense exercises that makes it easier to filter out valuable assets

https://github.com/dr0op/bufferfly

Exploitation of native JNDI injection vulnerabilities with a bypass for newer JDK versions

https://github.com/exp1orer/JNDI-Inject-Exploit

A comprehensive tool that helps attack/defense projects quickly gain an initial foothold

https://github.com/P1-Team/AlliN

[Red Team Articles]

Understanding how microservices work and the process of hacking them

https://infosecwriteups.com/hacking-microservices-for-fun-and-bounty-5cc302769e94

Analysis of the Auerswald PBX firmware backdoor

https://blog.redteam-pentesting.de/2021/inside-a-pbx/

https://payloads.online/archivers/2020-07-16/1/

https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6




Source: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247483761&idx=1&sn=2efdc9822342d53510f617af9c4cb6b6&chksm=974845f3a03fcce5687edc65f0e8349261770d0bc0280292fa8304365e16739d23881cd812a6&scene=58&subscene=0#rd