Aggregator

前几天AK了个腾讯的T-Star高校挑战赛，题目比较偏向Misc和Web，这里记录一下解题过程。

It?s all too common that IT security tools and practices come at the cost of productivity. Even physical security has this trade-off. There would be no rush to arrive at the airport an hour early if it weren?t for the extensive security measures that flying entails. As a result of this trade-off, our concern often isn?t if we can increase security in our networks ? rather, it?s if the increased security is worth the impact on the business.

Summary A critical flaw in Atlassian's Jira software that could be used to bypass authentication has been identified. Atlassian has issued an advisory detailing the versions vulnerable to the exploit. Threat Type Vulnerability Overview Be advised that X-Force Incident Command is tracking the disclosure of an authentication bypass vulnerability in Jira's web authentication framework, Seraph. Tracked as CVE-2022-0540 , the vulnerability scores a 9.9 CVSS score. A specially crafted HTTP request sent to vulnera

WSO2 proxy SSRF漏洞 WSO2-2019-0598

前言 CVE-2022-22947是Spring Cloud Gateway的一个SpEL命令注入漏洞，前一阵 …

继续阅读“CVE-2022-22947 注入哥斯拉内存马”

生擒0Day，活捉Botbet

前言

师兄们曾在牛客上总结了自己的秋招，在反复阅读的过程中深受鼓舞，所以在我的秋招基本告一段落之后也是选择记录下来，为社区贡献一点微薄之力。

We have big news this month. You may have already heard that we acquired Linode, creating the world?s most distributed compute platform. In addition, we have release announcements and new developer content to share with you!

A technical analysis of a new variant of the SparrowDoor malware.

WSO2 fileupload 任意文件上传漏洞 CVE-2022-29464