-
Clash Verge LPE
🔒 The post has been encrypted and can only be viewed after entering the password. -
Zentao Privilege Escalation
漏洞分析https://github.com/easysoft/zentaopms/commit/695055c6b1d2e6a8c944bdbc38308c06820c40ce?diff=split&w=0[framework/api/en... -
H3Bpm
🔒 The post has been encrypted and can only be viewed after entering the password. -
Zentao RCE
下载补丁后可以看到只有两个module发生了改变 权限绕过和18beta1比对后发现common/mode.php有一处改动 由echo=>die,看其所在函数名为checkPriv,推测其为权限绕过的补丁 在index.php中调用... -
ASPX Upload Tips
🔒 The post has been encrypted and can only be viewed after entering the password. -
SmartBI
🔒 The post has been encrypted and can only be viewed after entering the password. -
金山终端V9
🔒 The post has been encrypted and can only be viewed after entering the password. -
Ysoserial Payloads Study
URLDNSURLDNS经常用于快速检测反序列化漏洞是否存在的链,因为使用的原生类没有jdk版本限制。 Gadget Chain1234* HashMap.readObject()* HashMap.putVal()* ... -
Shiro反序列化分析
环境搭建下载shiro源码 1234git clone https://github.com/apache/shiro.gitcd shirogit checkout shiro-root-1.2.4cd ./shiro/samples/web 修改... -
九思OA
🔒 The post has been encrypted and can only be viewed after entering the password.