第十一周/20211213红队推送

admin
admin
admin
138717
文章
114
评论
2021年12月14日16:40:43评论158 views字数 2294阅读7分38秒阅读模式


【特别推荐】

Apache Log4j2 (CVE-2021-44228)漏洞相关攻击IOC全披露

https://mp.weixin.qq.com/s/WRgvxHs4eQhD4lcP4Ahs3g

帮助寻找需要修复的log4j主机

https://github.com/fullhunt/log4j-scan

只需要一个域用户即可拿到 DC 权限

https://mp.weixin.qq.com/s/RvOndF3gdEZbgqrIPqXsUg


【红队文章】

XXE 基础扫盲

https://infosecwriteups.com/xxe-attacks-explained-5fc1d9cc7960

Getting root on Ubuntu through wishful thinking(CVE-2021-3939)

https://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939/

Process Ghosting 的了解及规避

https://pentestlaboratories.com/2021/12/08/process-ghosting/

深入解析CVE-2021-21220——PWN2OWN 2021 

https://www.zerodayinitiative.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021

从美国最新国防预算文件看网络空间发展新动向

https://mp.weixin.qq.com/s/nJnMXCwBmrOS4CsUrALuhw


【漏洞研究】

PageWay Version 1.8 BETA SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120031

Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure

https://cxsecurity.com/issue/WLB-2021120032

Reprise License Manager 14.2

https://cxsecurity.com/issue/WLB-2021120033

MTPutty 1.0.1.21 - SSH Password Disclosure

https://cxsecurity.com/issue/WLB-2021120035

Student Management System 1.0 - SQLi Authentication Bypass

https://cxsecurity.com/issue/WLB-2021120036

Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass

https://cxsecurity.com/issue/WLB-2021120037

Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)

https://cxsecurity.com/issue/WLB-2021120038

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

https://cxsecurity.com/issue/WLB-2021120039

Raspberry Pi 5.10 - Default Credentials

https://cxsecurity.com/issue/WLB-2021120040

Grafana 8.3.0 - Directory Traversal and Arbitrary File Read

https://cxsecurity.com/issue/WLB-2021120041

Free School Management Software 1.0 - Remote Code Execution (RCE)

https://cxsecurity.com/issue/WLB-2021120042

OpenCATS 0.9.4 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120043

LimeSurvey 5.2.4 Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120044

Microsoft Office Word MSHTML Remote Code Execution

https://cxsecurity.com/issue/WLB-2021120045

FiveM & Gmod Loading Screen Maker Free | SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120047

Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)

https://cxsecurity.com/issue/WLB-2021120048



更多详情请查看原文

原文始发于微信公众号(凌晨一点零三分):第十一周/20211213红队推送

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月14日16:40:43
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   第十一周/20211213红队推送https://cn-sec.com/archives/675268.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息