0x01 Incident background At 01:10 on November 26, 2021, Company P was deploying a certain business system in the production environment. In fact, they had already completed a deployment as early as 00:30, but the strange thing is that no matter what, it failed the verification, so I had no choice but to overthrow […]
Tag: appearance
16-3_Qt 5.9 C++ Development Guide_Using QStyle to set the appearance of the interface_Achieve the matching of interface effects under different systems
Article directory 1. The role of QStyle (to achieve the matching of interface effects under different systems) 2. Use of Qt built-in styles 3. Source code 3.1 Visual UI design 3.2 mainwindow.cpp 1. The role of QStyle (to achieve the matching of interface effects under different systems) Qt is a cross-platform class library, and the […]
Prototype Chain Pollution and Code-Breaking 2018 Thejs Reappearance
What is prototype chain pollution In the history of JavaScript development, there are few real private properties. All properties of a class are allowed to be accessed and modified publicly, including __proto__, constructor and prototype. An attacker can override or pollute these __proto__, constructor and prototype properties by injecting other values. Then, all objects that […]
Sandbox Escape and Competitive Vulnerability Reappearance
Directory sandbox escape principle When this points to window When this points to null and no other objects are available The first trigger method The second trigger method The third trigger method Vulnerability recurrence competitive vulnerability Sandbox escape Principle When this points to window 1. This directly points to the window, get the constructor of […]
JS Sandbox Bypass and Race Condition Vulnerability Reappearance
Directory 1. Sandbox bypass 1. Concept 2. Example analysis 2.1 Example 1 of the vm module (using the context object or this pointer) 2.2 Example 2 of the vm module (using the toString attribute) 2.3 vm2 module example 1 (trigger call stack overflow exception) 2.4 Example of vm2 module (prototype chain pollution + import dynamic import) […]
Appearance mode – providing a unified entrance
1. Introduction 1.1, Overview In software development, sometimes in order to complete a more complex function, a class needs to interact with multiple other business classes, and these business classes that need to interact often appear as a complete whole, because there are many classes involved, The code is more complicated when used. At this […]
CVE-2022-22978 Spring Security Authentication Bypass Vulnerability Reappearance and Poc Exploitation
Directory foreword 1. Environment construction 2. Principle Analysis of Vulnerability Trigger Points 3. poc verification Summarize Foreword In Spring Security prior to 5.5.7, prior to 5.6.4, and older versions that were not supported, applications using RegexRequestMatchers that contained “. ), carriage return \\ (\r) bypass, this vulnerability can be exploited to bypass identity authentication without […]
Vulnhub Penetration Test DC-1 Vulnerability Reappearance
Shooting range download link: https://download.vulnhub.com/dc/DC-1.zip Experimental background: DC-1 is a vulnerable experimental environment, the ultimate goal is to allow attackers to gain root privileges and read flags. Attacker IP: 192.168.179.131 DC1 target IP: 192.168.179.7 Goal: Get 5 flags on the target 1. Intranet penetration First use nmap to scan the entire network segment to find […]
Vulnhub Penetration Test DC-2 Vulnerability Reappearance
Shooting range download link: https://download.vulnhub.com/dc/DC-2.zip Experimental background: DC-2 is a vulnerable experimental environment like DC-1. The ultimate goal is to allow attackers to obtain root privileges and read flags. Attacker IP: 192.168.179.131 Kali DC1 target IP: 192.168.179.8 Ubuntu Goal: Obtain 5 flags on the target Difficulty: Low 1. Intranet penetration First use nmap to scan […]
Fastjson Remote Code Execution Vulnerability (CNVD-2019-22238) Vulnerability Reappearance
01 Vulnerability description 02 Scope of influence 03 Verification method 04 How to use 05 Practical cases 06 Repair plan 01 Vulnerability description Fastjson is Alibaba’s open-source JSON parsing library, which can parse JSON-formatted strings, support serialization of Java Beans into JSON […]