Article directory: 1. Background; 2. Method; 2.1 Eureka Server adds security components; 2.2 Eureka Server adds parameters; 2.3 Restart Eureka Server; 2.4 Eureka Server version upgrade; 2.5 Eureka Client configuration; 2.6 Eureka Server code additions; 2.7 Other issues. 1. Background: The Spring Boot version used by the project team is relatively old, 1.5.4.RELEASE. An unauthorized access […]
Tag: unauthorized
One article to solve the Swagger API unauthorized access vulnerability problem
Swagger is an open source software framework for designing, building, documenting, and consuming RESTful style web services. It makes it easier for developers to view and test API interfaces by providing an interactive documentation page. However, in some cases, unauthorized access may result in a security breach. This article will describe how to resolve the […]
Java code audit: vertical unauthorized access vulnerability analysis
View the page in this CMS system's back end where the administrator adds users, and click to add an administrator. This module is only available to administrators; ordinary users do not have it. Open the source code and analyze whether there are any unauthorized access vulnerabilities. Form code: <form name="adminForm" id="adminForm"> <input type="hidden" name="item" value="${item}" […]
JWT unauthorized access vulnerability
JWT unauthorized access vulnerability. Article directory: JWT unauthorized access vulnerability; Original reference: [xiu](http://www.xiusafe.com/2023/02/08/JWT/); 1 Lab environment setup; 2 Composition of a JWT; 2.1 Header; 2.1.1 alg; 2.1.2 type; 2.2 Payload; 2.3 Signature; 3 Vulnerability reproduction; 3.1 Attack point: token (third level); 3.2 Parse and encrypt the token value: the base64 encryption method, which can only be […]
Service security: application protocol rsync unauthorized access & ssh vulnerability reproduction
Directory: Service Attack and Defense - Application Protocol rsync & ssh Vulnerability Reproduction; Vulnerability reproduction; Improper configuration - unauthorized access - rsync file backup; OpenSSH username enumeration vulnerability; libssh authentication bypass vulnerability. Service Attack and Defense - Application Protocol rsync & ssh Vulnerability Reproduction. Vulnerability reproduction: Improper configuration - unauthorized access - rsync file backup. rsync default port: 873. rsync […]
E044 - Service vulnerability exploitation and reinforcement: using the Redis unauthorized access vulnerability to escalate privileges
Task implementation: E044 - Service vulnerability exploitation and reinforcement: using the Redis unauthorized access vulnerability to escalate privileges. Task environment description: Server scenario: p9_kali-6 (username: root; password: toor); server scenario operating system: Kali Linux, 192.168.32.123. Server scenario: p9_linux-6 (username: root; password: 123456); server scenario operating system: Linux, 192.168.32.147. Experimental level: intermediate. Task scenario: 【Task Scenario】 Panshi […]
Database Security: Redis & Hadoop & MySQL unauthorized access & RCE vulnerability reproduction
Directory: Database Security - Redis & Hadoop & MySQL Unauthorized Access & RCE; Definition; Vulnerability reproduction; MySQL - CVE-2012-2122 vulnerability; Hadoop - Improper configuration, unauthorized access trio & RCE vulnerability; Redis - Unauthorized access - Webshell & tasks & keys & RCE, etc. Vulnerability definition: vulnerability causes; vulnerability hazards. Vulnerability reproduction: Redis - Unauthorized access - Webshell & scheduled tasks & keys & RCE; redis command execution (RCE); redis sandbox […]
Unauthorized and code execution vulnerability characteristics and detection methods
Article directory 1. Unauthorized access to Redis 2. Unauthorized access to MongoDB 3. Unauthorized access to Elasticsearch 4. Unauthorized access to Rsync 5. Windows RDP remote code execution vulnerability (CVE-2019-0708) 6. Tomcat Web Console Weak Password 7. WebLogic console weak password & deserialization series vulnerabilities 8. WebLogic SSRF (no detection method) 9. WebLogic deserialization tool […]
WebLogic Unauthorized Remote Code Execution Vulnerability (CVE-2023-21839)
Foreword: WebLogic allows remote users to perform JNDI lookup operations through IIOP/T3 without authorization. When the JDK version is too low or javaSerializedData exists locally, this may lead to an RCE vulnerability. 0x00 Environment setup: In this experiment we used P God's vulhub. Start the environment:
cd /vulhub-master/weblogic/CVE-2023-21839
docker compose up -d
After the startup is complete, […]
[4-unacc] Redis unauthorized access vulnerability
Experimental purpose: Reproduce and analyze the [4-unacc] Redis unauthorized access vulnerability, and exploit it in multiple ways to obtain a reverse shell. Skill growth: Through this experiment you can understand the Redis unauthorized access vulnerability and learn about this well-known Redis issue. Preliminary knowledge: What is Redis? Generally speaking, there […]