渗透技巧

NFEOA代码审计-前台任意文件上传

前言本篇文章主要内容为,从代码层面学习分析FEOA前台文件上传漏洞。FOFA指纹:app='FE-协作平台'影响版本:<7.0漏洞验证访问路由/servlet/uploadAttachme...

NPHP SQL快速审计思路

文章来源:朋友写的,拿来PHP挖SQL的话还是可以,最近也和他一直在整一些事情,整理内部知识库,搭建内部平台,这个后面再说。先看文章吧前言:在我看来,代...

NMicrosoft Windows Defender / Trojan.Win32/Powessere.G – Detection Mitigation Bypass

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_W...

NCVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake so...

NJetBrains TeamCity 2023.05.3 – Remote Code Execution (RCE)

#- Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE) #- Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 #-...

NResearchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code exe...

NVMware Cloud Director 10.5 Authentication Bypass

# Exploit Title: [VMware Cloud Director | Bypass identity verification] # Google Dork: [non] # Date: [12/06/2023] # Exploit Author: [Abdualhadi kha...

NCVE-2024-2432:Windows设备上Palo Alto 程序权限提升

CVE-2024-2432:Windows设备上Palo Alto Networks GlobalProtect应用程序中的权限提升(PE)漏洞使本地用户能够以提升的权限执行程序在Windows系统上,发现Gl...

N微信小程序反编译工具

点击蓝字 关注我们免责声明本文发布的工具和脚本,仅用作测试和学习研究,禁止用于商业用途,不能保证其合法性,准确性,完整性和有效性,请根据情况自行判断...

NNoSQL Injection

基本介绍NoSQL Injection是一种针对NoSQL数据库的安全漏洞,类似于传统的SQL注入攻击,NoSQL数据库是一类非关系型数据库,例如:MongoDB、Cassandra、Redis等...
1 2 3 413