HVV 0day: Pan Micro OA V8 SQL injection / V9 file upload (including batch PoC)
0x00 Introduction to Pan Micro OA
Founded in 2001 and headquartered in Shanghai, Fanwei focuses on collaborative management OA software and is committed to helping enterprises build a new mobile office platform with collaborative OA at its core.
0x01 Vulnerability description
SQL injection vulnerability exists in Pan ...
Added by tukon on Tue, 08 Mar 2022 03:20:19 +0200
Mining Linux kernel vulnerabilities in web Security
1, Brief description
Syzkaller is a kernel fuzzing tool developed by Google. In short, it automatically feeds valid, invalid and completely randomized parameter data to the kernel and observes the kernel's running state for panics, memory leaks and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
vulnstack2 of the Red Sun Safety ATT&CK target machine combat series
Statement
Study hard and make progress every day
Environment configuration
Baidu members can download directly from the cloud without any address
http://vulnstack.qiyuanxuetang.net/vuln/detail/3/
While the download is running, you can start on the network configuration in VMware
The ...
Added by ramram on Fri, 04 Mar 2022 17:49:56 +0200
The growth path of penetration testing - front end security
Front end security
Professional noun: explanation
payload: Attack code
EXP: Complete vulnerability exploitation tool
POC: Proof-of-concept verification program. Running this program can get the expected results
GPC: GET, POST, COOKIE
1. Cross site scripting attack
Cross site scripting (XSS) refers to a client-side code injection attack in which an attacker executes ...
Added by mrwutang on Thu, 03 Mar 2022 16:52:24 +0200
Analyze HTTP requests to reduce the risk of HTTP smuggling attacks and HTTP desync attacks
Foreword
HTTP/1.1 has gone through a long development process from 1991 to 2014:
HTTP/0.9 - 1991
HTTP/1.0 - 1996
HTTP/1.1
  RFC 2068 - 1997
  RFC 2616 - 1999
  RFC 7230 - 2014
This means that various servers and clients on the Internet may have many security problems, which will also create opportunities for HTTP smuggling attacks (HTTP ...
Added by billmasters on Sat, 26 Feb 2022 08:36:22 +0200
Penetration test of CFS three-layer target Intranet
1, Environment construction:
Target topology:
1. Add virtual network card:
Add network cards for network segments 22 (VMnet2) and 33(VMnet3)
VMnet8 communicates with the outside in NAT mode
2. Configure network card:
target1 network configuration:
target2 network configuration:
target3 network configuration:
3.web ...
Added by Syto on Wed, 23 Feb 2022 17:01:34 +0200
Information collection and Python script writing
In a penetration test, information collection is particularly important. In the information collection stage, the penetration test team can use various methods to obtain information about the topology and system configuration of the target network. How complete this information is will seriously affect the speed and depth of subseque ...
Added by why not on Sun, 20 Feb 2022 01:38:58 +0200
2. Basic usage of Kali Linux 2
1. Introduction and installation of Kali Linux 2
1. Introduction to Kali Linux 2
Kali Linux 2 is an operating system for professional penetration testing and security auditing, developed from the previously well-known BackTrack system. BackTrack was once the best penetration test operating system in the world and achieved great su ...
Added by kula on Sat, 12 Feb 2022 20:42:21 +0200
Python script directory traversal
Basic application of the urllib3 library
urllib3 is a powerful and well-organized Python library for HTTP clients. Much of the Python ecosystem has started to use urllib3. urllib3 provides many important features that are not available in the Python standard library:
Thread safety
Connection pool
Client SSL/TLS authentication
File segment code upl ...
Added by beinerts on Fri, 11 Feb 2022 03:05:17 +0200
Python port scanner
Common ports:
port: service
21: The default is ftp port, which mainly depends on whether anonymous is supported or weak password can be used
22: The default is ssh port
23: The default is telnet port
25: The default is smtp service
53: The default is DNS
123: NTP
161, 162, 8161: SNMP service (8161 SNMP opened by IBM)
389: ldap community
80: http service
443: https service
512 ...
Added by dull1554 on Tue, 08 Feb 2022 06:27:59 +0200