0x00 introduction to pan micro OA
Founded in 2001 and headquartered in Shanghai, fanwei focuses on the field of collaborative management OA software, and is committed to taking collaborative OA as the core to help enterprises build a new mobile office platform.
0x01 vulnerability description
SQL injection vulnerability exists in Pan ...
1, Brief description
Syzkaller is a kernel fuzzy testing tool developed by Google. In short, it automatically inputs various effective, invalid and completely randomized parameter data to the kernel, and observes the operation status of the kernel, whether there are panic, memory leakage and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
Front end security
Professional NOUNexplainpayloadAttack codeEXPComplete vulnerability exploitation toolsPOCViewpoint verification procedure. Running this program can get the expected resultsGPCGET POST COOKIE
1. Cross site scripting attack
Cross site scripting (XSS) refers to a client-side code injection attack in which an attacker executes ...
Added by mrwutang on Thu, 03 Mar 2022 16:52:24 +0200
1. wordpress plug-in vulnerability
The security of wordpress itself is relatively perfect. Usually, most of the vulnerabilities in security audit come from the third-party plug-ins installed by wordpress. wordpress does not guarantee the security of these plug-ins, because the third-party plug-ins are written by other developers, and the secur ...
Added by littlejones on Sat, 19 Feb 2022 05:13:09 +0200
Target: the planes: Earth NAT 192.168.91.0 network segment
Information collection and utilization
As shown in the figure, use python s ...
Added by pureDesi on Sat, 12 Feb 2022 12:46:46 +0200
1, Causes of Redis unauthorized vulnerability
1.1 basic introduction to redis
Redis is an open source (BSD licensed) in memory data structure storage system, which can be used as database, cache and message middleware. It supports many types of data structures, such as strings, hashes, lists, sets, sorted sets and range queries, bitmaps, ...
Added by Wardy7 on Wed, 02 Feb 2022 20:29:15 +0200
Last time I wrote an article about SQL injection, someone said that SQL injection is outdated!!!
This time, four interesting practical cases are used: Hard - common getshell Fast - fast error injection Quasi - injected under the limit of character length 100 Around – around a university safety dog
Although there are only four ...
Added by lukemedway on Tue, 18 Jan 2022 00:14:13 +0200
The environment is built with vulhub. The version is
Confluence Server 6.10.2
Widget Connector is a plug-in of Confluence. Compare the plug-ins before and after repair
Left Confluence 6.13.0 right 6.13.3
You can see that th ...
The summary of this article is very clear and easy to understand (manual funny) https://blog.csdn.net/weixin_50464560/article/details/119562912
For the sake of user experience, some websites have such a function, that is, when users fail to submit information and need to return to fill in, they will help you autom ...
Added by Danny620 on Sun, 02 Jan 2022 07:16:10 +0200
Delete the check method return checkFile(). If the browser does not allow you to modify the front-end code, use the packet capture tool to modify it
Then upload a sentence
Back end verification content type
Change the typege to image/jpeg