7620 matches found
Shellcode programming: resolving API addresses in memory-vulnerability warning-the black bar safety net
For all position-independent code (PIC) on Windows, a core feature is resolving API function addresses at run time. It is a very important task. Here I introduce two popular methods: using the import address table (IAT), and using the export address table (EAT), by far the most stable method...
Reconstructing the vsFTPd backdoor vulnerability in Python
0x01 Preface. Hello everyone. First of all, a statement: the purpose of this article is not to analyze the vsFTPd backdoor vulnerability. Recently I have liked to practice a programming language by writing Trojans based on vulnerabilities; in this article, we will use Python to ...
Apache Shiro 1.2.4 remote command execution vulnerability in detail
After searching, I found that the vulnerability write-ups online about Apache Shiro 1.2.4 are written too simply; perhaps the experts write so professionally that a noob like me can't follow them, so I did a full walkthrough locally. First, obtain from the official Shiro project the Shiro 1.2.4...
BROP attack: analysis and exploitation of an Nginx remote code execution vulnerability
Blind ROP is a very interesting attack. In fact, many foreign articles, as well as an article in the original Dark Cloud knowledge base, describe it; I have put these reference articles at the end, and interested friends can study and discuss them together. As Flappy pig clan wars, I...
XSSI: a little-known but wide-impact class of Web vulnerability
Finding a specific category of vulnerability has two key components: awareness of the vulnerability and the difficulty of finding it. Cross-site script inclusion (XSSI) vulnerabilities are in fact not mentioned in a common standard, i.e. the OWASP Top 10. In addition, there is no disclosure of th...
Vulnerabilities in some Intel Skylake processors: computers can be compromised through the USB interface
Foreign security service provider Positive Technologies recently found vulnerabilities in some of Intel's sixth-generation Core (Skylake) processors that allow hackers to compromise a computer through the USB interface and completely take over the operating system. This is due to the CPU debug...
Serious bug appears in the Apple App Store: popular searches are redirected to lottery applications
1 May 12, around 23:00, a major fault appeared in the Apple App Store. When searching for popular keywords such as “Taobao”, “Baidu”, “wechat”, “Tencent” and “live”, all or the vast majority of the drop-down suggestions are websites related to lottery tickets, such as the “color-77” website...
Exploiting desktop Linux systems using Nintendo 6502 processor instructions
gstreamer 0.10.x has a vulnerability and a separate logic error when playing music files in NSF format. Combining the two gives a very stable exploit method that can bypass 64-bit ASLR, DEP and so on. It is called stable because the music player available in...
CVE-2015-1860 analysis: a crash in the Qt module that processes GIFs
Vulnerability background: Qt is a cross-platform graphical interface programming framework. In versions below 4.8.7, and 5.x versions below 5.4.2, improper bounds checking while parsing images causes the memcpy in the process to go out of...
In-depth analysis of the TIMA arbitrary kernel module authentication bypass vulnerability
To ensure the integrity of the Linux kernel on Android devices, Samsung introduced a feature named “lkmauth”. This feature was originally designed to ensure that only Samsung-approved kernel modules can be loaded into the Linux kernel. TIMA any kernel modul...
A look at Windows 8.1 kernel exploitation through MS16-098
When I first came into contact with kernel vulnerabilities, I had no kernel experience at all, let alone experience exploiting a kernel vulnerability, but I have always been very interested in reverse engineering and exploit techniques. Initially, my idea was simple: find one not...
How I found a SQL injection vulnerability in GitHub Enterprise and got a 5000 dollar bounty
GitHub Enterprise is software designed for companies and groups to deploy on an internal network as a commercial application for development services. GitHub Enterprise is packaged in the standard OVF format as a virtual machine (VM) image which, from the enterprise.github.com website, can be...
Reverse security series: Use After Free vulnerability analysis
One, Foreword. I was thinking the next step would be to write a short summary of use after free, and it just so happened that one challenge in the recent Lake Gordon Cup 2016 (game) can be solved with use after free. This challenge was my first pwn challenge in a more formal competition, and I spent a lot of time on it, t...
GitHub Enterprise Edition SQL injection vulnerability analysis
GitHub Enterprise is a custom version of github.com that you can deploy in your own private network to run your own full GitHub service for business purposes. You can download the corresponding VM from enterprise.github.com and get a 45-day trial; after you complete the deployment...
Python format string vulnerabilities, with Django as an example
Author: phithon. In the C language there is a particularly interesting class of vulnerability, the format string vulnerability. At the least it corrupts memory, or reads and writes the contents of arbitrary addresses. I won't go into the binary side; even if explained it would not be understood, so I share the link...
Rumored online: PayPal exposed to a deadly “acquaintances can tamper with the password” vulnerability
This morning, the security client to the user feedback: the account is logged in to by a friend, and it shows that the bank card and password-free payment functions can be used normally, very with devices, IP, environmental, geographical location. What is the truth in the end? We know almost found on the relevant...
CVE-2016-10033: PHPMailer remote code execution vulnerability analysis
PHP is an open source scripting language that is embedded in HTML for Web development. It has 9 million users and is used by many popular tools such as WordPress, Drupal, Joomla!, etc. This Monday, a high-risk security update to fix the PHPMailer remote code execution vulnerability...
Analysis of the Padding Oracle vulnerability in the Apache mod_session_crypto module
Recently, security researchers found a Padding Oracle vulnerability in the mod_session_crypto module of the Apache Web server. An attacker can exploit this vulnerability to decrypt session data, and can even use it to encrypt specified data. Vulnerability details. Product: Apache HTTP Server...
International air ticket booking systems have vulnerabilities that make it easy to cancel or modify flight reservations
According to a report by foreign media outlet CSO, the “trip booking systems” that tens of millions of people abroad use every day are very unsafe and lack a proper identity authentication scheme. Attackers can exploit the systems' weaknesses to easily change a passenger's reservation, cancel the person's flight...
e107 CMS <= 2.1.2 privilege escalation vulnerability analysis
0x00 Vulnerability background: e107 CMS is a website content management system based on PHP, Bootstrap and MySQL. It can be widely used for personal blogs and enterprise sites, and is widely used around the world. 0x01 Vulnerability affects version version 0x02 Vulnerability analysis of the environme...
PhpMailer, SwiftMailer and ZendMail successively exposed to high-risk RCE vulnerabilities, affecting millions of Web servers
Researchers recently found a high-risk (Critical) vulnerability present in 3 common open source PHP libraries; hackers can exploit this vulnerability to remotely execute arbitrary commands. The vulnerable PHP libraries include SwiftMailer, PhpMailer and ZendMail. A few day...
Analysis of the vulnerability in Python's new string formatting
This article gives an in-depth analysis of the security vulnerability in the new string formatting syntax introduced in Python, and provides appropriate security solutions. Using str.format on untrusted user input brings security risks. As for this problem, in fact I have...
iOS 10 iMessage character crash bug again
Recently, hacker @vincedes3 found a universal iMessage character crash bug affecting iOS 8 through iOS 10.2.1 b2. The bug uses a technique similar to the iOS 8 iMessage SMS bug: a piece of malicious code is sent to the victim, and the victim is hit on receiving and viewing the SMS, then the SMS...
A text message that crashes another person's iPhone Message app (PoC and solution attached)
The researchers said they found a message that can crash the Message application on iPhone devices, affecting iOS 8 through iOS 10.2.1. First look at the demo. Do not try this! If you want to test, it is your iPhone and at your own risk. 1. Download the file vincedes3.com/vincedes3.vcf 2. Upload to iCloud Drive, Dropbox,...
CVE-2016-7255: digging into the Windows kernel privilege escalation vulnerability
The Windows kernel privilege escalation vulnerability CVE-2016-7255 has received a lot of media attention. On November's Patch Tuesday, Microsoft released a fix for this vulnerability as part of the MS16-135 bulletin. According to Microsoft's description, CVE-2016-7255 is mainly used to perform...
Widely used email component PHPMailer has a remote code execution vulnerability
Recently, Polish researcher Dawid Golunski discovered a serious remote code execution vulnerability in PHPMailer. The vulnerability was published yesterday on legalhackers.com, but exploit details and a proof-of-concept were not included. Unfortunately in a couple of...
A CFG bypass technique based on the Chakra JIT
In this article, we introduce a method that can be used to bypass Microsoft's Control Flow Guard (CFG) when attacking Internet Explorer and the Edge browser. Our previous proof-of-concept exploit code overwrote an object's function pointers to achieve...
Analysis of the command execution vulnerability in popular open source e-mail application Roundcube v1.2.2
Description: Roundcube is a widely used open source e-mail program, used by many organizations and companies around the globe. In the past 1 year, the SourceForge mirror file alone was downloaded more than 26 million times, which is only a fraction of the actual user population. On the serv...
postMessage XSS vulnerability in popular application AddThis affects a million sites
AddThis is a web page share button used by more than one million users. Earlier this year it was found to have XSS vulnerabilities. A previous article described the postMessage API defects. This article will describe how I identified and then exploited the AddThis Share...
Two CVE case studies: how to exploit TrustZone on Android
Starting from practice, this article describes step by step how to exploit the trusted zone (TrustZone) on Android. Here I am using the Trusted Execution Environment (TEE) of a Huawei HiSilicon. First of all, I found a vulnerability that can gain kernel privileges, and...
Analysis of remote command execution and cardholder data decryption vulnerabilities in the Oracle property management platform
Recently, I found multiple security vulnerabilities in Oracle Opera, the front-desk data management system used in some large business hotels. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking app and obtain higher user rights; at the same...
The PHP public key encryption you know is wrong
Last year, our security team confirmed the CVE-2015-7503 vulnerability, aka ZF2015-10, a functional vulnerability in the use of RSA in the Zend Framework cryptographic library. The actual vulnerability is with the PKCS1v1.5 padding method of RSA...
CVE-2016-7054: OpenSSL 1.1.0a and 1.1.0b heap overflow exploit
A few days ago, Fortinet published an article entitled “OpenSSL ChaCha20-Poly1305 heap overflow (CVE-2016-7054) analysis”. A high-risk heap overflow vulnerability was discovered in the OpenSSL library, affecting versions 1.1.0a and 1.1.0b. The vulnerable code is in...
OpenSSH medium-risk vulnerability can cause remote code execution
Vulnerability number: CVE-2016-10009. Vulnerability level: medium risk. Affected: OpenSSH 7.3 and below. Vulnerability description: the vulnerability appears in ssh-agent; this process is not started by default and is only used for password-free login across multiple hosts, to...
Another Nintendo-related 0-day vulnerability, probably affecting most Linux systems
Last month, we published an article about a vulnerability in Ubuntu related to the red and white machine, which can be triggered with maliciously built red and white machine music files. This was the masterpiece of the famous security expert Chris Evans; in fact, the super any also has such...
A vulnerability triggered by a bug fix: detailed analysis of CVE-2016-6309
OpenSSL disclosed a UAF vulnerability with a security level of “serious”. The exploit is simple: sending a single TCP packet triggers the vulnerability, but the consequences are serious and may include denial of service in TLS-related applications or even arbitrary code execution and other consequences...
CVE-2016-8610: patch analysis of the “SSL-Death Alert” denial of service vulnerability
Recently, a security patch for the OpenSSL Red Alert (SSL Death Alert) vulnerability caught our attention. As with other serious security vulnerabilities, this one caught our attention because, according to the vulnerability's discoverer, OpenSSL Web servers with this vulnerability may b...
CVE-2016-8655 kernel race condition vulnerability: debugging analysis
12 5 March, Philip Pettersson published a local privilege escalation vulnerability that had existed in the Linux kernel for up to 5 years, affecting virtually all mainstream Linux distributions; for a time it was unrivaled in the limelight, no less than “Dirty Cow” some time ago. For this black magic...
Ubuntu crash reporting tool has a remote code execution vulnerability
Security researchers found a remote code execution vulnerability in the Ubuntu crash reporting tool; an attacker may need only a malicious file to take over a system. The vulnerability affects all default installations of Ubuntu Linux 12.10 (Quantal) and later versions of the operatin...
Detecting Use-After-Free vulnerabilities in binary code through static analysis
Use-After-Free is a well-known vulnerability type, often used by modern attack code (see Pwn2own 2016). In the research project AnaStaSec, AMOSSYS provides a lot of information about how to statically detect such vulnerabilities in binary code. In this blog, we will send the read...
PHP garbage collection mechanism UAF vulnerability analysis
First, an introduction to the PHP garbage collection mechanism. Because circular references exist in PHP, the refcount counter alone is not enough as a garbage collection mechanism, so PHP 5.3 introduced a new garbage collection mechanism. $a = array('one'); $a[] = &$a; unset($a); ?>...
Nagios Core code execution vulnerability (CVE-2016-9565) analysis
Author: p0wd3r, dawu (know Chong Yu 404 security lab). Date: 2016-12-15. 0x00 Vulnerability overview. 1. Vulnerability description: Nagios is a program for monitoring IT infrastructure. Recently security researcher Dawid Golunski found a code execution vulnerability in Nagios Core: an...
NTPD denial of service vulnerability (CVE-2016-7434) analysis
Author: LJ, dawu (know Chong Yu 404 laboratory). Preface: The NTP service is essential to the Internet, and many things can be linked to it. Not long ago, it also figured in the sensational network outage incident in Germany. Ensuring the security of NTP servers is very important! 0x00...
Facebook chat history theft vulnerability affects a billion Messenger users
In this article, we describe in detail a server security vulnerability found on Facebook. This vulnerability might affect millions of sites whose CORS (cross-origin resource sharing) allows a “NULL” value in the Origin header; it threatens user privacy, the malicious...
Verizon Webmail client stored XSS vulnerability
A few words up front: before this, I had written a technical article specifically to explain in detail the server-side vulnerabilities of the Verizon Webmail client (article link button). But I recently found some very interesting vulnerabilities in this client; these vulnerabilitie...
Unsorted bin attack analysis
One, Foreword. This is the follow-up to the earlier article on exploiting overflows using the FILE structure. As mentioned earlier, the articles are written about the techniques of pwn450 in the Shanghai network security contest, two techniques in total: one is overflow exploitation using the FILE structure, one is...
Summary of exploitation without libc by means of DynELF
When the target system's libc file is not available, we can use the DynELF module of pwntools to leak address information and thereby obtain a shell. Using puts and write on Linux respectively, this article shows how to implement the leak function that is key to DynELF, and by a 3-CTF top...
UCloud-201612-002: security alert for a universal Linux kernel privilege escalation vulnerability
Dear UCloud users: A high-risk race condition vulnerability has been proven to exist in the Linux kernel; exploiting it allows a low-privileged process to execute kernel code, and the harm is serious. Please check whether the kernel you are using is in the affected range, and upgrade in a timely manner...
Microsoft Edge UXSS: the adventure of the endless world
Today we will look together at some design problems in Microsoft Edge; when these issues are combined, they form a universal cross-site scripting (UXSS) attack. If you want to figure out this vulnerability but you are just not a security researcher, you can try so...
Analysis of the remote command injection vulnerability in many NetGear routers (updated with patch analysis)
0x01 Introduction. Two days ago NTP had just finished making trouble, and now NetGear routers (NETGEAR router) are making trouble too, T.T. CERT issued a notice last Friday: “if users have these routers, it is recommended that they stop using them until the official release of the...