Aggregator

这篇文章分享了作者作为漏洞赏金猎人和网络安全爱好者的经验，探讨如何通过系统性方法发现和利用常见漏洞类别来获得收益，并通过实际案例展示了如何将小问题转化为重大成果。文章适合零基础读者，并提供了持续学习的资源。

OAuth是一种允许第三方应用在不共享密码的情况下代表用户访问资源的框架。其核心组件包括授权服务器、客户端应用、授权码和访问令牌。通过令牌交换机制实现用户身份验证和资源访问控制。然而，配置错误或攻击（如CSRF和开放重定向）可能导致敏感信息泄露或账户接管（ATO），严重威胁用户安全。

小米召回超 11.6 万辆 SU7 标准版，雷军回应；特斯拉 Optimus AI 团队负责人离职加入 Meta；比亚迪仰望 U9 赛道版汽车官宣，超 3000 匹性能猛兽

当前环境出现异常，需完成验证后才能继续访问。

作者于2024年4月发现印度国家考试机构NTA的一个子域名使用Laravel框架，并通过目录遍历访问到.env文件，获取了数据库敏感信息。随后向CERT-In报告该漏洞并获确认。

作者通过回顾之前的安全测试报告，在某个子域名中发现了一个关键漏洞，并详细记录了这一过程。

作者通过回顾之前的渗透测试报告，在整理旧数据时发现了一个被遗忘的关键漏洞，并成功利用该漏洞进行攻击。

Active Directory中的Tombstone lifetime（TSL）决定了删除对象的保留时间，默认值为60天，Windows 2003 SP2后改为180天。此设置影响备份有效性、数据恢复及域控制器复制。建议将旧环境更新为180天以增强数据恢复能力。

点击查看更多本周网络安全大事件。

当前环境出现异常提示，需完成验证后才能继续访问。

A vulnerability has been found in Adobe Experience Manager AEM Cloud Service/6.5.18.0 and classified as problematic. This impacts an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2023-48440. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Adobe Experience Manager AEM Cloud Service/6.5.18.0 and classified as problematic. Affected is an unknown function. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-48441. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager AEM Cloud Service/6.5.18.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2023-48442. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Adobe Experience Manager AEM Cloud Service/6.5.18.0. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2023-48443. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Adobe Experience Manager AEM Cloud Service/6.5.18.0. Impacted is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2023-48557. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Adobe Experience Manager AEM Cloud Service/6.5.18.0. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2023-48558. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Adobe Experience Manager AEM Cloud Service/6.5.18.0. The impacted element is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2023-48559. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Adobe Experience Manager AEM Cloud Service/6.5.18.0. This affects an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2023-48560. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Adobe Experience Manager AEM Cloud Service/6.5.18.0. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-48561. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Adobe Experience Manager AEM Cloud Service/6.5.18.0. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2023-48562. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.