22 matches found
[SET v4.7] The Social-Engineer Toolkit
The Social-Engineer Toolkit (SET) version 4.7, codename “Headshot”, has been released. This version of SET introduces the ability to specify multi-powershell injection, which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the...
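Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
Bugtraq ID: 50848 CVE ID: CVE-2011-4359 Apache MyFaces is an open-source implementation of JavaServer Faces technology. Apache MyFaces contains a security vulnerability that allows malicious users to bypass certain security restrictions. The issue is caused by an error in parsing parameters in Java Beans, which can cause some parameters to be evaluated as EL (Expression Language) expressions. Successful exploitation requires "includeViewParameters" to be set to "true" in the Java Bean. Apache MyFaces 2.1.x Vendor solution: Users can refer to the following vendor-provided security advisory for patch information:...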