Exploit for CVE-2019-2888

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor  ✔  8388  18:32:43...

MobiSystems Ltd.: Firebase Firestore insecure database

Summary: The app is exposing a firebase database url that has no read/write protections. Steps To Reproduce: 1. Decompile the Android app 2. Do a string search for firebasedatabase 3. Use the project name i.e. msdict-dev in combination with the Firestore REST API to modify the database. Supportin...

Exploit for CVE-2019-2888

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 !./info.p...

Path traversal

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java from the package ghidra.app.plugin.core.archive via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis...

FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics

Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...

50m-ctf: 0xc0ffee's 50M-CTF Submission

Introduction This CTF was extremely fun and truly original. It covered different kinds of very interesting challenges where completing one challenge led to another one, like some sort of quest with various levels. Thank you Cody and HackerOne for giving 5 hackers the opportunity to go to Vegas,...

50m-ctf: Writeup Hackerone 50M CTF

Writeup Hackerone 50m CTF First stage of this ctf we need to solve an hidden file from an image which posted by HackerOne at twitter https://twitter.com/hacker0x01/status/1100543680383832065?lang=en. I tried to run bunch of steganography tools and i found something with zteg the exact command is...

Ghidra - Software Reverse Engineering Framework

Ghidra is a software reverse engineering SRE framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including...

IBM Content Navigator Information Disclosure Vulnerability

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator version 2.0.3 and 3.0CD, which originates from the program's use of a public key store...

Reko - A General Purpose Binary Decompiler

Reko Swedish: "decent, obliging" is a C project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windo...

CVE-2018-15871

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...

ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...

Microsoft Windows Defender - mpengine.dll Memory Corruption Exploit

Exploit for windows platform in category dos / poc Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code;...

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

WireX update: UDP attack capabilities

Akamai would like to acknowledge the research by F5 containing additional information on the capabilities of this malware, released September 2nd. Finding new features The WireX botnet was discovered due to its role in a series of prolonged attacks against several organizations. It was brought to...

Heap overflow

A heap-based buffer over-read was found in the function OpCode called from decompileINCRDECR line 1474 in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file...

Androguard - Reverse engineering, Malware and goodware analysis of Android applications

Reverse engineering, Malware and goodware analysis of Android applications ... and more ninja ! Features Androguard is a full python tool to play with Android files. Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects, Diassemble/Decompilation/Modification of DEX/ODEX/APK...

Deobfuscating Python Bytecode

Introduction During an investigation, the FLARE team came across an interesting Python malware sample MD5: 61a9f80612d3f7566db5bdf37bbf22cf that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we...

欧朋浏览器之广告主后台敏感信息泄漏漏洞（泄漏内容证明）

简要描述： J2EE架构安全 详细说明： 泄漏点： http://59.151.113.225/WEB-INF/web.xml http://59.151.113.225/WEB-INF/spring/webmvc-config.xml 漏洞证明： Spring+Freemaker 反编译class文件...

PageAdmin VIEWSTATE引发的血案

简要描述： 本想找个注入的，却发现Isstr 与其绕过不如（此处打码）直接来的痛快。 @wefgod 小弟弱弱的告诉你 ViewState不仅仅可以WooYun-2014-61699这样用，还可以这样滴哟 详细说明： 下载pageAdmin 反编译发现混淆过 蛋疼！ 只好翻翻页面！各种页面各种翻 咿！尼玛 这是啥 ViewState"constr" 那就抄刀上阵吧 打开 ：http://192.168.10.64:9992/e/member/index.aspx?s=1&type=memfavolst 复制然后 这是在本地搭建的 那试试官网 附上官网的...