-
Firmware Extraction
🔒 The post has been encrypted and can only be viewed after entering the password. -
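Smartbi Share Authorization Bypass
Vulnerability analysis: vision/share.jsp queries the database for the default ID whose c_publicshared is 1; if it exists, the session is automatically logged in as the public user. mysql> select * from t_share_record;+... -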
Clash Verge LPE
LPE: https://github.com/clash-verge-rev/clash-verge-rev/issues/3428 The Git issue shows that the clash-verge service has an LPE. clash-verge-servic... -
Zentao Privilege Escalation
Vulnerability analysis: https://github.com/easysoft/zentaopms/commit/695055c6b1d2e6a8c944bdbc38308c06820c40ce?diff=split&w=0 [framework/api/en... -
H3Bpm
🔒 The post has been encrypted and can only be viewed after entering the password. -
Zentao RCE
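After downloading the patch, you can see that only two modules changed. Authorization bypass: comparing against 18beta1 shows one change in common/mode.php, from echo to die; the enclosing function is named checkPriv, so this is presumably the patch for the authorization bypass. In index.php it calls... -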
ASPX Upload Tips
🔒 The post has been encrypted and can only be viewed after entering the password. -
SmartBI
🔒 The post has been encrypted and can only be viewed after entering the password. -
Kingsoft Terminal V9
🔒 The post has been encrypted and can only be viewed after entering the password. -
Ysoserial Payloads Study
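URLDNS: URLDNS is a chain often used to quickly check whether a deserialization vulnerability exists, because the native classes it uses have no JDK version restrictions. Gadget Chain: * HashMap.readObject() * HashMap.putVal() * ...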