clash文件覆写导致RCE
环境准备影响版本: 通过利用powershell自定义.profile来执行命令。当用户打开powershell将触发(还需要powershell运行脚本执行才能成功) 1、%windir%system32WindowsPowerShellv1.0profile.ps1 它作用于所有用户、所有的Shell。 2、%windi ...
Understanding CVE-2025-1967: Mitigating Cross Site Scripting in Blood Bank Management System
Introduction to CVE-2025-1967The code-projects Blood Bank Management System version 1.0 has been found to contain a significant security vulnerability, identified as CVE-2025-1967. The vulnerability lies within the donor.php file ...
python 端口在线扫描
引言 在渗透过程中,经常会遇到 nmap 扫描不出端口的情况,web 端口确定开放,且用网上的在线端口扫描是可以扫描到的,但是 nmap 就是无法扫出来,因此花了些时间写了 2 个基于 python 端口扫描工具。 基于在线网站调用扫描工具 截图 代码 # -*- ...
微软SMB3协议远程利用0day漏洞 – CVE-2020-0796
0x01漏洞描述CVE-2020-0796是存在于微软服务器SMB协议中的一个“蠕虫化”漏洞,该漏洞未包含 在微软本月发布的补丁中,是在补丁的序言中泄露的。目前微软尚未发布任何技术详情,思科Talos团队和Fortinet公司提供了简短概述,目前尚不清楚该漏洞的补 ...
Vulnerability CVE-2025-26849 in Docusnap: Assessment and Mitigation Strategies
Understanding CVE-2025-26849 in DocusnapRecently discovered, CVE-2025-26849 has identified a critical security flaw within specific versions of Docusnap, a widely used network documentation tool. The vulnerability concerns a hard ...
Addressing CVE-2025-1914: Out of Bounds Read Vulnerability in Google Chrome V8
Understanding CVE-2025-1914: A Critical Vulnerability in Google Chrome Google Chrome, a widely-used browser known for its security measures, was recently identified with a critical vulnerability designated as CVE-2025-1914. This ...
htb打靶-Bastard
信息收集1nmap -sV -sT -sC -O 10.129.10.80 开放了80,135,重点显然是在web上面了 查看首页,drupal cms google一下找到专用扫描器 1https://github.com/immunIT/drupwn 给出了版本7.54但是发现扫不出,换工具! nday利用换searchsploi ...
CVE-2025-1915: Addressing Pathname Limitation Vulnerability in Google Chrome
Understanding CVE-2025-1915: A Google Chrome VulnerabilityThe vulnerability identified as CVE-2025-1915 pertains to Google Chrome, specifically affecting the DevTools component on Windows systems previous to version 134.0.6998.35 ...
关于COM口{A6BFEA43-501F-456F-A845-983D3AD7B8F0} BypassUAC研究
前言今天上线的机器,通过用DLL劫持和注册表进行BypassUac发现很不行。win10下的360可能不杀可能杀,注册表通过修改ShellCommand来实现ByPassUAC的操作。过于敏感,而DLL劫持BypassUAC用久后又会被杀。今天翻文章看到头像哥的COM口bypassuac。发现 ...
Understanding and Mitigating CVE-2025-1916: Use After Free Vulnerability in Google Chrome
Introduction to CVE-2025-1916An important security vulnerability identified as CVE-2025-1916 has been discovered in Google Chrome. This pertains to a use after free issue in the Profiles component of the browser, potentially allo ...