Aggregator

JNDI注入攻防全解析:从低版本RCE到高版本绕过分析

先知技术社区
1 hour 51 minutes ago
前言我们将从最经典的低版本 RMI/LDAP + 远程 Codebase 利用切入,剖析 Reference 如何触发远程类加载、静态块如何成为 RCE 的第一落点;继而聚焦高版本 JDK 的防护逻辑——为何 trustURLCodebase 默认关闭后传统利用失效?又如何通过“本地工厂”这一合法身份实现权限跃迁?文中详细拆解了三种主流绕过路径:Tomcat 的 BeanFactory:借 EL

面向强加固 Android 应用的 Intent-aware 灰盒 fuzzer

先知技术社区
1 hour 55 minutes ago
AHA-Fuzz 是首个针对 Android 加固应用的 Intent 感知灰盒模糊测试框架,基于 eBPF 技术开发。它通过有效 Intent 生成器、选择性覆盖反馈机制和增强检测能力三大创新,解决了加固应用难以分析的问题。实验表明,AHA-Fuzz 比现有方法多触发 92.3% 的 Intent、速度快 3.45 倍、执行方法数多 23.9%,并发现了 47 个新漏洞(其中 6 个已被 Goo

DOM Clobbering:前端隐蔽攻击的“变量劫持”术与防御解析

先知技术社区
1 hour 55 minutes ago
在Web前端安全防护体系中,XSS、CSRF等传统威胁的防御已形成成熟方案,但DOM Clobbering(DOM篡改攻击)这类依托浏览器原生解析特性的攻击,因隐蔽性较高常被忽视。其核心原理是通过构造特定HTML元素,覆盖页面全局变量或函数,进而篡改业务逻辑。相较于需注入脚本的XSS,该技术仅利用DOM解析默认行为即可实现攻击,具备独特的绕过优势。本文将以“原理拆解+代码实战+防御落地”的结构,聚

Apache Causeway (CVE-2025-64408) 反序列化远程代码执行漏洞分析

先知技术社区
1 hour 56 minutes ago
Apache Causeway 是 Apache 基金会开源的 Java 企业级领域建模框架,基于 Spring Boot 架构,能够为实体类、领域服务和 ViewModel 自动生成 Web 界面与 API 接口,广泛应用于企业级管理系统的构建。 在受影响的版本中,框架在处理 ViewModel 的书签(bookmark)与 URL 片段时存在严重的安全缺陷:**系统将客户端可控的内容直接作为

Wasm边界逃逸:前端二进制模块的隐蔽攻击与防御深度研判

先知技术社区
1 hour 56 minutes ago
WebAssembly(Wasm)作为前端二进制执行技术,其设计初衷是通过接近原生的执行效率弥补JS在计算密集型场景的不足,目前已广泛应用于加密算法实现、视频编解码、3D游戏引擎等核心领域。与传统前端脚本不同,Wasm通过二进制格式存储指令与数据,虽具备抗篡改能力提升的表象,但由于需与JS环境通过特定API完成交互,其安全边界由“Wasm内存隔离机制”与“JS运行时环境”共同界定,形成了独特的边界

Fastjson2 RCE 深度剖析:从黑名单绕过到双代理链利用

先知技术社区
1 hour 58 minutes ago
前言本文深入剖析 Fastjson2 ≤2.0.26 的序列化触发机制,并重点揭秘在 ≥2.0.27 版本下如何巧妙利用 Spring AOP 代理(JdkDynamicAopProxy) 与 ObjectFactoryDelegatingInvocationHandler 双重动态代理链,绕过黑名单限制,实现稳定 RCE 环境搭建Fastjson2<=2.0.26在tostring打个断点

CVE-2025-14697 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3 /ExportFiles/ file access

VulDB Recent Entries
2 hours ago
A vulnerability categorized as problematic has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. This vulnerability is cataloged as CVE-2025-14697. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-14696 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3 UpdatePasswordBatch password recovery

VulDB Recent Entries
2 hours ago
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. This vulnerability is listed as CVE-2025-14696. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-14695 | SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b Inter-plugin API index.js html_renderer action dynamically-managed code resources

VulDB Recent Entries
2 hours 8 minutes ago
A vulnerability was found in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. It has been declared as critical. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code resources. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-14695. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

记一次从容器到域控得渗透过程

先知技术社区
2 hours 12 minutes ago
主要攻击链路: 信息泄露->CVE-2025-2945 ssh横向->隧道搭建 NFS no_root_squash漏洞->docker ca 接管 ldap 配置篡改 -> Responder 进行ldap投毒 域凭证捕获 -> gMSA 密码检索 AD CS 滥用 -> 证书身份冒充 域管理员

Managed ad