Tenda-AX1806路由器多处栈溢出漏洞分析
Tenda AX1806路由器固件版本 v1.0.0.1,存在多处栈溢出漏洞,漏洞点在 tdhttpd 二进制文件中,使用了危险函数 strcpy前未对参数长度进行判断,导致拒绝服务漏...
Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices
NCC Group has found proof of concept that BLE devices can be exploited from anywhere on the planet. Image: iStockphoto/thomaguery A criti...
When Your Smart ID Card Reader Comes With Malware
Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and control...
Printing Fake Fiscal Receipts – An Italian Job p.2
TL;DR The ItalRetail RistorAndro app installed on the SpiceT fiscal printer is affected by a pre-authentication remote arbitrary file write and an ...
CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD
The Basics Disclosure or Patch Date: March 31, 2022 Product: Apple iOS, MacOS Advisory: iOS: https://support.apple.com/en-us/HT213219 Mac: http...
一次失败的SQL注入
有时候失败了也能学到很多东西。这是一个提交数据的接口(诈骗),其携带了一个htable的参数,很明显,在设计之初,这里可以传递不同的表名,来把数据存储在不...
VJW0rm蠕虫病毒分析报告
前述上周捕捉到vjw0rm样本,看到没有相关分析,就拿出来分析一波。该样本首次披露在2021-03-24 07:52:09 UTC,最近一次发现在2022-05-11 23:01:38 UTC。VJW0r...
Akamai WAF Bypass
文件读取绕过:file:///etc/x%252Fy/../passwd?/../passwd 原文始发于微信公众号(Khan安全攻防实验室):Akamai WAF Bypass
XSS bypass WAF
<img/src/onerror=arguments[0].path.pop().['al'+'ert'](1)> 原文始发于微信公众号(Khan安全攻防实验室):XSS bypass WAF
Linux多跳透明网关配置
理论上将适合任何架构,任何系统的linux网络拓扑+-----------+ ...