Hack found iPhone X new vulnerabilities: can be get the device deleted pictures-vulnerability warning-the black bar safety net

According to Forbes 11 May 14 reported that, in Tokyo, Japan Day held at the Mobile Pwn2Own competition, two members of the hacker Richard Zhu and Amat Cama team up to attack a computer running Apple's latest iOS 12.1 system of the iPhone X, and successfully acquired a piece of already deleted...

VirtualBox virtual machine latest escape vulnerability E1000 0 day detailed analysis of the on-vulnerability warning-the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2. 20 early versions of the 0 day vulnerabilities detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take...

CNNVD about Microsoft more security vulnerability Advisory-vulnerability warning-the black bar safety net

Recently, the official Microsoft has released multiple security vulnerabilities in the Bulletin, including Microsoft Internet Explorer security vulnerability, CNNVD-201811-349, CVE-2018-8570, the Microsoft Word security vulnerabilities CNNVD-201811-387, CVE-2018-8539）、（CNNVD-201811-388,...

VirtualBox VMSVGA a plurality of virtual machine escape vulnerability analysis-vulnerability warning-the black bar safety net

VirtualBox simulates a VMware virtual SVGA devices, which interface the detailed information and programming model can be on the network from public access. In addition, in the VMware hosted I/O architecture of GPU virtualization on paper, for the VMware SVGA device architecture had a very good...

How was I to find Donald Daters applications database vulnerabilities-vulnerability warning-the black bar safety net

Monday night as usual I watch TV to pass the time, but there is nothing interesting in the program. So I decided on the phone looking for fun, I started aimlessly on Twitter through various tweets, a Fox News push content caught my attention. ! Someone of Trump's supporters developed a...

Ruby2. X remote code execute vulnerability analysis of the deserialization gadget chain-vulnerability and early warning-the black bar safety net

Description This article will detailed introduction to ruby any deserialization use, at the same time also released the first General-purpose gadget chain, to achieve the Ruby 2. x arbitrary command execution. In the next article, I will explain in detail the deserialization of the problem and Th...

The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net

Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...

Java deserialization vulnerability: in a restricted environment from vulnerability discovery to get a reverse Shell-vulnerability warning-the black bar safety net

Java deserialization vulnerability can be said that the Java security a piece of heart disease, in recent years more in the security sector“in the limelight”in. Actually say to the Java deserialization issues, as early as the beginning of 2015 in AppSecCali conference, two security researchers,...

Suspected“Group 123” APT groups using the HWP software is not disclosed vulnerabilities in targeted attacks analysis-vulnerability warning-the black bar safety net

Background 2018 9 October 20, 360 Threat Intelligence Center in the Daily sample analysis and tracking process found an example for Korean word processing software Hancom Office design exploits the sample. Through a detailed analysis found that the sample suspected with the APT organization“Group...

The Windows VBScript Engine RCE vulnerability of CVE-2018-8174 analysis and use-vulnerability and early warning-the black bar safety net

A, vulnerability introduction The VBScript Engine handles objects in memory there is a remote code execution vulnerability. The vulnerability could an attacker can in the current context of the user in the execution of arbitrary code in the way to spoil the memory. Successful exploitation of this...

Researchers wishing to publish Microsoft Edge browser 0-day sandbox escape vulnerability-vulnerability warning-the black bar safety net

In recent days, according to Twitter nickname is@Yux1xi（Yushi Liang security researchers revealed that he plans to publish on a Microsoft browser Microsoft Edge 0-day vulnerability that can be achieved for Edge browser remote code execution RCE, and@Yux1xi also claimed that he and his Russian...

MacOS again appeared vulnerability, known as unbreakable system also has weaknesses-vulnerability warning-the black bar safety net

For convenience of expression, this article will use the first-person manner described. This article describes my in Apple's macOS system kernel found several stack and buffer overflow vulnerabilities, Apple will this several vulnerabilities categorized as the kernel of remote code execution...

Have hack found iOS 12.1 a new password bypass vulnerability-vulnerability warning-the black bar safety net

According to foreign media reports, in Apple for iOS 12 released a security patch after a few hours, iOS enthusiast, hacker Jose Rodriguez in iOS 12.1 found yet another vulnerability that can bypass the password using a group FaceTime access to the contact list. As Rodriguez on YouTube uploaded t...

Windows vulnerability allows hackers administrator permission to transfer to the guest account-vulnerability warning-the black bar safety net

Colombia cyber security experts SebastianCastro recently shared a report, the disclosure of the Windows system in the“critical”level vulnerabilities, allowing hackers the administrator permission to transfer to the other account. The vulnerability from the Windows XP system already exists, in a...

Microsoft Edge browser-explosive high-risk vulnerabilities, controlled by computer-executable any command-vulnerability warning-the black bar safety net

10 on 12 May, security researchers released a Windows Shell REC（ CVE-2018-8495, the vulnerability proof of concept code, the affected software for Windows 10 built-in Microsoft Edge, the attacker can use the code through the Microsoft Edge browser on the remote computer to run malicious code. It ...

The defect-week session of the fourth term: XML external entity injection-vulnerability warning-the black bar safety net

Code audit is the use of static analysis to discover the source code of the security flaws of the method can aid in the development or testing personnel in a software on-line prior to a more comprehensive understanding of its security concerns, preventive measures, and therefore has always been t...

See how I found Yahoo Mail APP stored XSS vulnerability-vulnerability warning-the black bar safety net

! Today I want to share is to participate in Yahoo（Yahoo!） Vulnerability all test items to find the one on Yahoo Mail iOS app vulnerability, and ultimately, by virtue of the vulnerability, I go into the Yahoo security Hall of Fame and get a$3500 dollar reward. Vulnerability case My test object is...

See how do I find Starbucks subdomain hijacking vulnerability-vulnerability warning-the black bar safety net

! Recently, I seem to and Starbucks and by Chance, the continuous discovery of its two sub-domain name hijacking vulnerability, the balloon won$4000 dollars. Wherein, the first vulnerability is based on Microsoft's Azure cloud service discovery, this time the second vulnerability is also very...

The use of Microsoft Edge vulnerability to steal local files-bug warning-the black bar safety net

In 2015, Microsoft released the Edge browser. When it was originally developed, it was named Project Spartan to. With Internet Explorer different, Edge support of the broader modern security measures, such as Content Security Policy, CSP, and modern JavaScript and CSS properties. Abandon Internet...

DEFCON 26 | use of the Fax function of the vulnerability to penetrate into the corporate network Faxploit-a vulnerability warning-the black bar safety net

! From the ancient times of the flying Pigeon pass book to the later postal courier, the author and the recipient between the physical message transfer mode gradually in the evolution, and after that Fax technology to some extent, help people get out of a letter delivered to the dark ages. Howeve...

Android system broadcast mechanism the presence of vulnerabilities, the malware can bypass security mechanisms to track The user-to vulnerability and early warning-the black bar safety net

Foreign to the researchers of the Android Vulnerability, CVE-2018-9489. The Android system of internal broadcast mechanism will expose the sensitive user and device information, the mobile applications installed on the user's knowledge or without permission access to this information. ! The Andro...

CVE-2018-8412: by MS Office for Mac Legacy Package to provide the right-vulnerability warning-the black bar safety net

Note: a patch has been released, please will you MAU upgrade to 18081201 ! Microsoft Autoupdate Helper 3.18180410 + legacy SilverLight insecure installer package EoP Scope of impact: Microsoft Office for Mac 2016 and SkypeForBusiness（16.17.0.65） This report relates to two main defects: 1. Code...

MetInfo arbitrary file read vulnerability fix with a bypass-vulnerability warning-the black bar safety net

404 laboratory inside the WAMWeb application monitoring program, the end of this article related to WAMsurveillance to MetInfo version of the update, and automatically diff files from the diff point of view, should be to fix a arbitrary file read vulnerability, but did not fix completely, resulti...

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

It is possible to perform a RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and in the same time, its upper actions configurations have no or wildcard namespace. The Same possibility when using the url tag which doesn't have value and action set...

UEditor editor two version of the arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

0x01 introduction UEditor by Baidu WEB front-end R & D Department development of WYSIWYG the open source rich text editor with lightweight, customizable, the user experience is excellent and other characteristics, by the majority of WEB applications use; this broke the high-risk vulnerabilities...

ghostscript command execution vulnerability alerts-a vulnerability alert-the black bar safety net

8 on the 21st, Tavis Ormandy disclosed by the mail list hxxps://bugs. chromium. org/p/project-zero/issues/detail? id=1640, and again that ghostscript security sandbox can be bypassed by constructing a malicious image content, can cause the command execution. ghostscript is widely used, ImageMagic...

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

! 2018 4 months, I to Apache Struts and the Struts security team reported a new remote code execution vulnerability--CVE-2018-11776（S2-057 in to do some configuration on a server running Struts, and can be accessed via the carefully constructed URL to trigger the vulnerability. This discovery is ...

zzcms 8.3 arbitrary file deletion vulnerability deep thinking-vulnerability warning-the black bar safety net

In the analysis of the already existing cve in the process, discovered zzcms 8.3 comparison of the previous version of the function improved, so by the follow-up look, there is no problem, and sure enough found the problem. CMS for file storage implementation Because I myself have done similar cm...

See Orange Tsai how to use the four Bugs to achieve Amazon the collaborative platform of the RCE vulnerability-vulnerability warning-the black bar safety net

! Taiwan white cap Orange Tsai（Cai governance up invited to this session of the Black Hat USA and DEFCON 26 post subject speeches, in the Breaking Parser Logic! Take Your Path Normalization Off and Pop 0days Out of his speech, he shared how based on the“inconsistencies”in Security, Integrated the...

php new exploit techniques—phar://-bug warning-the black bar safety net

Last week, in the United States the BlackHat conference to announce a for the PHP application to the new exploit. You can be in this article to understand it. Summary From Secarma security researcher Sam Thomas discovered a new exploit way, you can not use the php function unserializeis the...

CoinHive intelligent web mining two or three thing-vulnerability warning-the black bar safety net

Mining has now become black hat profit, the main means of recently Internet by chance found part of the website is hung it to exist after the web mining behavior, different from the conventional virusoperating systemin the mining acts, pages mainly on the site hanging on the malicious JS scripts,...

Use CVE-2018-8373 0day vulnerabilities the attacks the Darkhotel gang-related analysis-vulnerability warning-the black bar safety net

Background 2018 8 on 15 May, the network security company Trend Micro disclosed its in this year 7 month to capture an example in the wild 0day vulnerability to attack, the attack uses the Windows VBScript Engine code execution vulnerability, through the analysis and comparison found that the 0da...

See how I found the Yahoo XSSi vulnerability to achieve the user information stealing-vulnerability warning-the black bar safety net

! Find some specific categories of vulnerability is composed of two key parts, that is the vulnerability the cognitive as well as mining the degree of difficulty. Cross-site script contains a vulnerabilityXSSi in a recognized security standards OWASP TOP 10 and is not mentioned, but it is also no...

Zip Slip arbitrary file overwrite vulnerability analysis-vulnerability warning-the black bar safety net

Zip Slip is a widespread arbitrary file overwrite vulnerability, usually leads to remote command execution. The vulnerability affects range greatly: the 1. Affected products: Hewlett-Packard, Amazon, apache, Pivotal, etc.; 2. The affected programming languages: JavaScript, Python, Ruby,. NET, Go,...

For ASP. NET resource files. RESX and deserialization vulnerability research-exploit warning-the black bar safety net

ASP. NET application resource files are typically used as a localized storage, they can be used to store user interface elements or can be easily translated string to1. These resource files are generally used. resx as the file expansion name, and when they are in. resources as files to expand the...

Ethernet place the JSON-RPC Interface to a variety of stolen currency technique big secret-vulnerability warning-the black bar safety net

In 2010, Laszlo the use of 10,000 bitcoin to buy a $ 25 pizza is considered bitcoin in the real world in the first transaction. In 2017, the block chain technology as the digital currency's price soared and standing on the air above. Who could have imagined that in 2010 that two pieces of pizza,...

To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net

! Write in front of words Recently we found a to attempt to exploit CVE-2018-4878 Flash Player vulnerability, vulnerability to attack, its sequence and we currently find any loopholes to use the tool are not the same. After investigation, we found that this is a Chinese security company qihoo 360...

Router vulnerability reproduce the ultimate Upanishads--based on the MIPS shellcode writing-vulnerability warning-the black bar safety net

Foreword Today we talk about how in the MIPS architecture to write shellcode for. In the previous two articles, we were introduced based on the MIPS buffer overflow practice, and further how to use learn to the overflow of knowledge reproduction and verification of router vulnerabilities. But in...

The first Spark REST API is not authorized to exploit analysis-exploit warning-the black bar safety net

2018 7 on 7 May, Ali Cloud Security for the first time to capture the Spark REST API unauthorized RCE vulnerability to attack of real samples. 7 on number 9 plays, Ali Cloud Platform has been able to the default of Defense the vulnerability of the large-scale use. This is the first time in...

An attacker with Office vulnerability propagation FELIXROOT Backdoor-vulnerability warning-the black bar safety net

! One, the attack event details 2017 9 months, in response to Ukrainian attacks, FireEye found FELIXROOT Backdoor this malicious payload, and feedback to our intelligence perception of the customers. The attack activities using some malicious Ukrainian banks document that contains a macro, used t...

A large number of Bluetooth devices and systems will be protected by encryption Vulnerability CVE-2018-5383 impact-vulnerability warning-the black bar safety net

Recently, a security research expert in a certain Bluetooth device is found in a high-risk encryption Vulnerability CVE-2018-5383, and an unauthenticated attacker in physical proximity to the target device, this vulnerability will allow them to intercept, monitor or tamper with equipment of the...

Note DedeCMS a hash length of the expanding attacks caused by unauthorized vulnerability-vulnerability warning-the black bar safety net

Vulnerability impact: Dedecmsweaving dreams CMS V5. 7. 72 the official version of the 20180109 latest version The vulnerability principle DedeCMS user authentication by the authentication Cookie in the DedeUserID and DedeUserIDckMd5 carried out, as follows: ! Where$cfgcookieencode is installed wh...

Router vulnerability reproduction: from the principle to the first verification-vulnerability and early warning-the black bar safety net

The IOT vulnerability to reproduction and the traditional system vulnerabilities to reproduce the different point is that the physical network vulnerability depends on the hardware, almost every vulnerability all have to buy a new piece of hardware to reproduce, which is different from the...

Ethernet place more than one contract there is unlimited additional high-risk vulnerabilities-vulnerability warning-the black bar safety net

Recently, the Internet broke the AMR contract in the presence of high-risk security risk trading, through the study found that the AMR contract in the presence of batch transfer overflow vulnerability: when the contract to achieve the batch transfer function, it is easy to in the calculation of t...

See how I found the Apple official website Apple. com Unrestricted File Upload vulnerability-vulnerability warning-the black bar safety net

! Previous article, I shared the Amazon websiteXSSvulnerability and Bol. com open redirection vulnerability, today I and everyone talk about insecure server configuration problem, a lot of times, the server configuration errors will cause some columns to the directory or unrestricted file upload...

Apache Struts2 high-risk vulnerabilities cause the Enterprise Server is the invasion mounted KoiMiner mining Trojan-vulnerability warning-the black bar safety net

0×1 Overview Many business websites use the Apache open source project to build a http server, which is most of the use of the Apache sub-project of Struts in. But since the Apache Struts2 Product code there are more risks, beginning in 2007, Struts2 will frequently broke multiple high-risk...

Analysis antivirus BitDefender of an integer overflow vulnerability, the first part-the vulnerability warning-the black bar safety net

In software vulnerabilities“Pantheon”, the security software vulnerability is considered other than software vulnerabilities in more serious. We rely on security software to defend against attackers, so our defensive system in the vulnerability only allows an attacker to cause harm, but also will...

Analysis antivirus BitDefender integer overflow vulnerabilities Part II--exploit-vulnerability warning-the black bar safety net

Our last article reviewed from Pagefault submitted content, detailed description of the Bitdefender antivirus product of the integer overflow problem. Although only rely on the content of these is sufficient to the supplier to submit a bug report, but the Pagefault by providing a...

The MIPS buffer overflow vulnerability practice-vulnerability warning-the black bar safety net

This practice from the learn-decrypt router vulnerability notes, and summaries. Mainly used to review and consolidate the entire process, the entire process is not very smooth, the main problem in the point that the overflow function of the address determination. This write your own exploit code ...

See how I dig in and successfully exploited India's Popular Sports company web site Host header SQL injection vulnerability-vulnerability warning-the black bar safety net

Today I want to share one I'm doing bugbounty project, discovered a very interesting vulnerability, and this vulnerability appeared in India, a popular sports company website. This article is about“how do I use the host header to find out theSQL injectionvulnerabilities, and the use of sqlmap...