【特别推荐】
Apache Log4j2 (CVE-2021-44228)漏洞相关攻击IOC全披露
https://mp.weixin.qq.com/s/WRgvxHs4eQhD4lcP4Ahs3g
帮助寻找需要修复的log4j主机
https://github.com/fullhunt/log4j-scan
只需要一个域用户即可拿到 DC 权限
https://mp.weixin.qq.com/s/RvOndF3gdEZbgqrIPqXsUg
【红队文章】
XXE 基础扫盲
https://infosecwriteups.com/xxe-attacks-explained-5fc1d9cc7960
Getting root on Ubuntu through wishful thinking(CVE-2021-3939)
https://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939/
Process Ghosting 的了解及规避
https://pentestlaboratories.com/2021/12/08/process-ghosting/
深入解析CVE-2021-21220——PWN2OWN 2021
https://www.zerodayinitiative.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021
从美国最新国防预算文件看网络空间发展新动向
https://mp.weixin.qq.com/s/nJnMXCwBmrOS4CsUrALuhw
【漏洞研究】
PageWay Version 1.8 BETA SQL Injection Vulnerability
https://cxsecurity.com/issue/WLB-2021120031
Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure
https://cxsecurity.com/issue/WLB-2021120032
Reprise License Manager 14.2
https://cxsecurity.com/issue/WLB-2021120033
MTPutty 1.0.1.21 - SSH Password Disclosure
https://cxsecurity.com/issue/WLB-2021120035
Student Management System 1.0 - SQLi Authentication Bypass
https://cxsecurity.com/issue/WLB-2021120036
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
https://cxsecurity.com/issue/WLB-2021120037
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
https://cxsecurity.com/issue/WLB-2021120038
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
https://cxsecurity.com/issue/WLB-2021120039
Raspberry Pi 5.10 - Default Credentials
https://cxsecurity.com/issue/WLB-2021120040
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
https://cxsecurity.com/issue/WLB-2021120041
Free School Management Software 1.0 - Remote Code Execution (RCE)
https://cxsecurity.com/issue/WLB-2021120042
OpenCATS 0.9.4 Remote Code Execution
https://cxsecurity.com/issue/WLB-2021120043
LimeSurvey 5.2.4 Remote Code Execution
https://cxsecurity.com/issue/WLB-2021120044
Microsoft Office Word MSHTML Remote Code Execution
https://cxsecurity.com/issue/WLB-2021120045
FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability
https://cxsecurity.com/issue/WLB-2021120047
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
https://cxsecurity.com/issue/WLB-2021120048
更多详情请查看原文
原文始发于微信公众号(凌晨一点零三分):第十一周/20211213红队推送
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论