unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
N1CTF24 PHP Master Writeup
0x01 介绍在刚刚过去的N1CTF24上,...
2024-11-12 19:48:15 | 阅读: 4 |
收藏
|
Sec-News 安全文摘 - govuln.com
php
dataform
0x500
解释器
指令
Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable
2024-11-7 16:19:46 | 阅读: 2 |
收藏
|
Sec-News 安全文摘 - govuln.com
构建无密码认证:passkey入门与Go实现
请点击上方蓝字TonyBai订阅公众号!传统的密码认证一直以来都是数字时代的主流身份验证方式。然而,用户常常选择易记的弱密码并重复使用,导致账号易受攻击。密码泄露、钓鱼攻击等安全问题层出不穷,超过80...
2024-11-7 16:18:4 | 阅读: 10 |
收藏
|
Sec-News 安全文摘 - govuln.com
passkey
webauthn
username
数据
CVE-2024-9264: Grafana Remote Code Execution via SQL Expressions
In my previous blog post, I examined a File-Read vulnerability in Grafana, which was introduced in...
2024-11-7 16:16:55 | 阅读: 20 |
收藏
|
Sec-News 安全文摘 - govuln.com
reverse
payload
shellfs
username
duckdb
protectai/vulnhuntr: Zero shot vulnerability discovery using LLMs
A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis.Worl...
2024-10-22 23:4:15 | 阅读: 2 |
收藏
|
Sec-News 安全文摘 - govuln.com
llm
vulnhuntr
analysis
gpt
nollium/CVE-2024-9264: Exploit for Grafana arbitrary file-read (CVE-2024-9264)
Grafana Post-Auth DuckDB SQL Injection (File Read)Proof of Concept (PoC)This PoC demonstrates the...
2024-10-22 02:3:51 | 阅读: 15 |
收藏
|
Sec-News 安全文摘 - govuln.com
duckdb
9264
gr
injection
Why Code Security Matters - Even in Hardened Environments
Infrastructure hardening makes applications more resilient to attacks. These measures raise the bar...
2024-10-10 00:30:53 | 阅读: 0 |
收藏
|
Sec-News 安全文摘 - govuln.com
attackers
uv
yellow
signum
memory
Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
IntroductionIn this blog post, we will analyze CVE-2024-45409, a critical vulnerabi...
2024-10-5 19:14:50 | 阅读: 18 |
收藏
|
Sec-News 安全文摘 - govuln.com
assertion
digest
signedinfo
oasis
digestvalue
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
首页 会员介绍...
2024-10-4 16:34:37 | 阅读: 3 |
收藏
|
Sec-News 安全文摘 - govuln.com
icp
20012251
审计
Java Payload 生成框架的设计与实现
一、前言 我们在实战渗透过程中,尤其是国内,遇到很多Java语言编写的站点居多,同时这里会存在很多Java漏洞场景。 例如在Shiro 550中,以Java反序列化点为漏洞入口起点,使用...
2024-9-30 14:21:49 | 阅读: 9 |
收藏
|
Sec-News 安全文摘 - govuln.com
payload
github
jndi
ysomap
Clash 检测工具的原理
我在 /t/1076579 给出了 Clash 检测的在线工具,有评论希望我能说明以下其中的原理。对此比较感兴趣的,可以阅读一下本文。首先,需要了解两个术语:「同源策略」和「跨域资源共享」。...
2024-9-30 11:36:31 | 阅读: 14 |
收藏
|
Sec-News 安全文摘 - govuln.com
端口
clash
浏览器
401
共享
iOS 如何按地区限制功能:浅析 MobileGestalt 与 Eligibility
如一些评论指出,今年的 iPhone 16 系列在上市时是一种奇怪的「空壳」状态:大力鼓吹的 Apple Intelligence 至少要等到十月的 iOS 18.1 中才能启用;与国内用户在短期内无...
2024-9-28 21:34:25 | 阅读: 22 |
收藏
|
Sec-News 安全文摘 - govuln.com
eligibility
备份
苹果
Preventing app removal on iOS
You can still remove the app from Home Screen, but it is not uninstalled....
2024-9-28 21:30:25 | 阅读: 10 |
收藏
|
Sec-News 安全文摘 - govuln.com
alarm
superalarm
approval
prevented
completes
探秘argv[0]:程序参数中的安全隐忧
2024-9-27 16:50:37 | 阅读: 2 |
收藏
|
Sec-News 安全文摘 - govuln.com
webshell下的Rasp简易绕过
一 、什么是RASP?在2014年的时候,Gartner引入了“Runtime application self-protection”一词,简称为RASP。它是一种新型应用安全保护技术,它将保护程序...
2024-9-27 15:57:43 | 阅读: 26 |
收藏
|
Sec-News 安全文摘 - govuln.com
bypassrasp
拦截
shellentity
splitpane
Attacking UNIX Systems via CUPS, Part I
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Wind...
2024-9-27 15:57:1 | 阅读: 14 |
收藏
|
Sec-News 安全文摘 - govuln.com
cups
printer
ppd
ipp
browsed
Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall
The testing tool to identify if your domain is vulnerable to this attack is located at the end of th...
2024-9-27 15:56:6 | 阅读: 10 |
收藏
|
Sec-News 安全文摘 - govuln.com
webproxy
vn
redacted2
fastly
The real slim shady || Ivanti Endpoint Manager (EPM) Pre-Auth RCE
ivanti just pushed a patch for a Critical CVSS 9.8 (Critical) Remote Code Execution Vulnerability th...
2024-9-20 17:24:53 | 阅读: 11 |
收藏
|
Sec-News 安全文摘 - govuln.com
remoting
forshaw
james
mbr
解密 ClassFinal 加密的 Java Jar 包
ClassFinal 是一款 java class 文件安全加密工具,支持直接加密 jar 包或 war 包,无需修改任何项目代码,兼容 spring-framework ;可避免源码泄漏或字节码被反...
2024-9-18 20:0:42 | 阅读: 16 |
收藏
|
Sec-News 安全文摘 - govuln.com
classfinal
decompiler
roseboy
classpath
Introducing the URL validation bypass cheat sheet
Published: 03 September 2024 at 14:52 UTC...
2024-9-12 18:44:38 | 阅读: 2 |
收藏
|
Sec-News 安全文摘 - govuln.com
cheat
bypass
converted
attacker
hexadecimal
Previous
-5
-4
-3
-2
-1
0
1
2
Next