CVE-2022-30190 样本分析与漏洞复现
前言近期新爆出的漏洞office的day,利用msdt+远程加载CVE:CVE-2022-30190样本地址:https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/# 简单分析无VBA,远程加载 doc改名zip解压,搜索远程加载的地址定位到word_relsdocument.xml. ...
CVE-2025-27644: Addressing Local Privilege Escalation in Vasion Print
Understanding CVE-2025-27644: A Local Privilege Escalation Vulnerability in Vasion PrintCVE-2025-27644 identifies a critical vulnerability in Vasion Print (formerly known as PrinterLogic) affecting versions prior to Virtual Appli ...
CVE-2025-27643: Addressing Critical Hardcoded Credentials Vulnerability in Vasion Print
Overview of CVE-2025-27643CVE-2025-27643 is a critical security vulnerability identified in Vasion Print, formerly known as PrinterLogic, specifically affecting versions prior to Virtual Appliance Host 22.0.933 and Application 20 ...
Django SQL 注入漏洞 – CVE-2020-7471
0x01漏洞描述Django 是 Django 基金会的一套基于 Python 语言的开源 Web 应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 近日,Django 官方发布安全通告公布了一个通过 StringAgg(分隔符)实现利用的潜在 SQL 注入漏洞。攻击者可 ...
CVE-2025-27516: Addressing the Jinja Sandbox Vulnerability in Template Engines
Understanding CVE-2025-27516 Jinja VulnerabilityCVE-2025-27516 is a significant security flaw found in the Jinja template engine prior to version 3.1.6. This vulnerability stems from an oversight in how the Jinja sandboxed enviro ...
iscsicpl.exe ByPassUac复现
前言上午在推特逛街,看到了个这个bypassuac。复现了一下,写个笔记 正文lnk:https://www.ddosi.org/iscsicpl-bypassuac/poc:https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC/archive/refs/heads/main.zip c:Windowssyswow64iscsic ...
CVE-2025-27508: Addressing Cryptographic Vulnerabilities in Emissary
Overview of CVE-2025-27508CVE-2025-27508 highlights a critical vulnerability within the Emissary P2P data-driven workflow engine, primarily caused by the ChecksumCalculator class's use of deprecated cryptographic algorithms. The ...
python 端口在线扫描
引言 在渗透过程中,经常会遇到 nmap 扫描不出端口的情况,web 端口确定开放,且用网上的在线端口扫描是可以扫描到的,但是 nmap 就是无法扫出来,因此花了些时间写了 2 个基于 python 端口扫描工具。 基于在线网站调用扫描工具 截图 代码 # -*- ...
CVE-2025-27622: Understanding the Jenkins Security Vulnerability and Mitigation Strategies
Overview of CVE-2025-27622CVE-2025-27622 represents a critical security vulnerability affecting Jenkins, a widely used automation server in DevOps and CI/CD pipelines. Discovered in versions Jenkins 2.499 and earlier, as well as ...
记录一次客户授权的从外网到内网渗透测试过程
某日,甲方爸爸在HW期间被打穿了,已经修复完漏洞,让我们再给看看能不能再进内网溜达溜达…下班回到家夜里发邮件IP报备,测试结束时间记录,渗透测试申请单找同命相怜的同事填一下给甲方爸爸呈批。开工只有一个域名,简单做个信息收集真实ip:xxx. ...