Tencent Security Xuanwu Lab Daily News
• [Vulnerability] GitHub – 0xf4n9x/CVE-2023-0669: CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.:
https://github.com/0xf4n9x/CVE-2023-0669
・ Exploitation tool for the GoAnywhere MFT deserialization vulnerability (CVE-2023-0669)
– P4nda
• Shadowsocks redirect attack:
https://www.freebuf.com/articles/blockchain-articles/357051.html
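・ Reproduction and analysis of the Shadowsocks redirect vulnerability discovered in 2020; exploiting it with a known-plaintext attack may enable a man-in-the-middle attack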
– xmzyshypnc
• Vulns1002 04 UAF CVE-2020-29661 03 Exploit:
https://www.youtube.com/watch?v=96f8H48d-y8
・ Details of the UAF vulnerability in the Linux tty subsystem (CVE-2020-29661) and the approach to exploiting it
– P4nda
• Firefly: a smart black-box fuzzer for web applications testing – Global Bug Bounty Platform:
https://blog.yeswehack.com/yeswerhackers/firefly-smart-black-box-fuzzer-web-applications/
・ Firefly, a black-box fuzzing tool for web applications
– WireFish
• [Malware] Phylum Discovers Revived Crypto Wallet Address Replacement Attack:
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
・ Malware that replaces wallet addresses in the clipboard is active again, using a new obfuscation method.
– keenan
• mast1c0re: Introduction – Exploiting the PS4 and PS5 through a game save:
https://mccaulay.co.uk/mast1c0re-introduction-exploiting-the-ps4-and-ps5-through-a-gamesave/
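・ Exploitation process on the PS4 and PS5: modify a game save file, use a stack overflow vulnerability to achieve shellcode execution, and use an out-of-bounds write vulnerability to escape the emulator.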
– keenan
• Helping secure BNB Chain through responsible disclosure:
https://jumpcrypto.com/helping-secure-bnb-chain-through-responsible-disclosure/
・ BNB Beacon Chain infinite minting vulnerability
– WireFish
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (2-14)