PT-2024-12890 · Undefined · Undefined

ChatGPT помог заработать $28 000 на 0-day. Базовый XXE-пейлоад выглядит как-то так Можно залить файл с таким содержимым на сервер и, если у либы, которая его распарсит, включена поддержка внешних сущностей, на выходе мы получим содержимое /etc/passwd. Это касается библиотек, но не браузеров. Если...

Microsoft FixIt Tool Blocks Java Attacks in IE

Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in...

Hacking Millions of Routers by Craig Heffner

After attending several DEFCON events, I am thrilled to announce that I will be speaking at DEFCON 18. My presentation titled "How to Hack Millions of Routers" aims to shed light on prevalent security vulnerabilities. I will also take this opportunity to answer frequently asked questions and...