QingScan 安全漏洞

QingScan is a batch vulnerability mining tool by a Chinese daxia individual developer. It is used to glue various good scanners. QingScan v1.8.0 version before the existence of a security vulnerability , the vulnerability stems from /webscan/sqlmap/index.html contains a reflective cross-site...

QingScan 跨站脚本漏洞

QingScan is a batch vulnerability mining tool by a Chinese daxia individual developer. It is used to glue various good scanners. There is a security vulnerability in QingScan 1.3.0, there is no information about the vulnerability at the moment, please feel free to pay attention to CNNVD or vendor...

Phoswap Token gas has a logic flaw vulnerability

Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...

honggfuzz vulnerability mining technology principle analysis-vulnerability warning-the black bar safety net

Google AFLWinAFL, the libfuzzer and honggfuzz is the most famous of the three based on code coverage fuzzer is. Online on the AFLWinAFLanalysis of the articles more, and on the latter two Analysis Articles less. Before the spring brother has written about honggfuzz article: honggfuzz vulnerabilit...

Router 0day vulnerability discovery practical-vulnerability warning-the black bar safety net

! Last year 7 month in the company's internal share over this issue, said to also almost a year, too lazy to now only issued to. In 2018, 3, 4 on more than two or three months time, spent more and more time to engage in a domestic router, dug some holes, after also don't get it. Also wrote a litt...

vaeThink v1. 0. 1 code execution vulnerability mining analysis-vulnerability warning-the black bar safety net

0x01 introduction This article is for a niche CMS（vaeThink v1. 0. 1 for analysis, code execution vulnerability discovery and audit process of the record, the CMS is based on ThinkPHP5 development. As a code audit entry rookie, also want to be able to practice and learn the process of recording an...

See how do I find the value of 3 thousand 6 thousand USD Google RCE vulnerability-vulnerability warning-the black bar safety net

! This article tells the story of the Uruguayan public University, 18-year-old student Ezequiel Pereira found Google highest level RCE vulnerability-related process. In the beginning of the year, Ezequiel found Google Google App Engine GAEis a non-production environment of a vulnerability, exploi...

Automated mining Windows kernel information disclosure vulnerability-vulnerability warning-the black bar safety net

2017 6 on patch day, to fix up before we report 5-a kernel information leak vulnerability , the end of the article have details. The year before I demonstrate how to use JS to fuzz the kernel, today we want to bring to you is not dependent on the fuzz, and to automate the mining kernel...

MP4 decoder vulnerability mining techniques-vulnerability warning-the black bar safety net

For the format vulnerability is most prone to is an infinite loop, so for this vulnerability in the search method, my personal approach is person meat jokes, the attention of those that function inside the use of the cycle of operation of the code, and then construct a sample test, of course, fir...