Cybersecurity information flow

A clean information-feed tool, focused on the day-to-day happenings of the security community, surfacing quality content for security researchers every day.


All nodes
Time  Node
2024-05-26 13:23 wohin
Author: Mao Zedong
On the Relation Between Knowledge and Practice, Between Knowing and Doing
(July 1937)
Before Marx, materialism examined the problem of knowledge apart from the social nature of man and apart from his historical development, and was therefore incapable of understanding the dependence of knowledge on social practice, that is, the dependence of knowledge on production and the class struggle.
First of all, Marxists regard man's activity in production as the most fundamental practical activity, the determinant of all his other activities. Man's knowledge depends mainly on his activity in material production, through which he comes gradually to understand the phenomena, the properties and the laws of nature, and the relations between himself and nature; and through his activity in production he also gradually comes to understand, in varying degrees, certain relations that exist between man and man. None of this knowledge can be acquired apart from activity in production. In a classless society every person, as a member of society, joins in common effort with the other members, enters into definite relations of production with them and engages in production to meet man's material needs. In all class societies, the members of the different social classes also enter, in different ways, into definite relations of production and engage in production to meet their material needs. This is the primary source from which human knowledge develops.
Man's social practice is not confined to activity in production, but takes many other forms: class struggle, political life, scientific and artistic pursuits; in short, as a social being, man participates in all spheres of the practical life of society. Thus man, in varying degrees, comes to know the different relations between man and man, not only through his material life but also through his political and cultural life (both of which are intimately bound up with material life). Of these other types of social practice, class struggle in particular, in all its various forms, exerts a profound influence on the development of man's knowledge. In class society everyone lives as a member of a particular class, and every kind of thinking, without exception, is stamped with the brand of a class.
Marxists hold that in human society activity in production develops step by step from a lower to a higher level and that consequently man's knowledge, whether of nature or of society, also develops step by step from a lower to a higher level, that is, from the shallower to the deeper, from the one-sided to the many-sided. For a very long period in history, people were confined to a one-sided understanding of the history of society because, for one thing, the bias of the exploiting classes constantly distorted the history of society and, for another, the small scale of production limited people's outlook. It was not until the modern proletariat emerged along with immense forces of production, large-scale industry, that people were able to acquire a comprehensive, historical understanding of the development of society and turn their knowledge of society into a science, the science of Marxism.
Marxists hold that man's social practice alone is the criterion of the truth of his knowledge of the external world. What actually happens is that man's knowledge is verified only when he achieves the anticipated results in the process of social practice (in the process of material production, of class struggle, of scientific experiment). If a person wants to succeed in his work, that is, to achieve the anticipated results, he must bring his ideas into correspondence with the laws of the objective external world; if they do not correspond, he will fail in his practice. After he fails, he draws his lessons from the failure,
2024-05-26 12:53 wohin
Author: Mao Zedong
(August 1937)
The law of contradiction in things, that is, the law of the unity of opposites, is the most basic law of materialist dialectics. Lenin said: "Dialectics in the proper sense is the study of contradiction in the very essence of objects." Lenin often called this law the essence of dialectics; he also called it the kernel of dialectics. In studying this law, therefore, we cannot but touch upon a great many aspects, upon a number of philosophical problems. If we can become clear on all these problems, we shall arrive at a fundamental understanding of materialist dialectics. The problems are: the two world outlooks; the universality of contradiction; the particularity of contradiction; the principal contradiction and the principal aspect of a contradiction; the identity and struggle of the aspects of a contradiction; and the place of antagonism in contradiction.
The criticism to which the idealism of the Deborin school has been subjected in Soviet philosophical circles in recent years has aroused great interest among us. Deborin's idealism has exerted a very bad influence in the Chinese Communist Party, and it cannot be said that the dogmatist thinking in our Party is unrelated to the approach of that school. Our present study of philosophy should therefore have the eradication of dogmatist thinking as its main objective.
I. The Two World Outlooks
Throughout the history of human knowledge, there have been two conceptions concerning the law of development of the universe, the metaphysical conception and the dialectical conception, which form two opposing world outlooks. Lenin said: "The two basic (or two possible? or two historically observable?) conceptions of development (evolution) are: (1) development as decrease and increase, as repetition; and (2) development as a unity of opposites (the division of a unity into mutually exclusive opposites and their reciprocal relation)." Here Lenin was referring to these two different world outlooks.
Metaphysics is also called xuanxue. For a long period in history, whether in China or in Europe, this way of thinking belonged to the idealist world outlook and occupied a dominant position in human thought. In Europe, the materialism of the early bourgeoisie was also metaphysical. As the social economy of many European countries advanced to the stage of highly developed capitalism, as the productive forces, the class struggle and the sciences developed to a level unprecedented in history, and as the industrial proletariat became the greatest motive force in historical development, there arose the Marxist world outlook of materialist dialectics. Then, in addition to open and barefaced reactionary idealism, vulgar evolutionism emerged among the bourgeoisie to oppose materialist dialectics.
The so-called metaphysical or vulgar evolutionist world outlook sees things as isolated, static and one-sided. It regards all things in the universe, their forms and their species, as eternally isolated from one another and immutable. Such change as there is can only be an increase or decrease in quantity or a change of place. Moreover, the cause of such an increase or decrease or change of place is not inside things but outside them, that is, the motive force is external. Metaphysicians hold that all the different kinds of things in the universe and all their characteristics have been the same ever since they first came into being. All subsequent changes have simply been increases or decreases in quantity. They contend that a thing can only keep on repeating itself as the same kind of thing and cannot change into another
2024-05-26 10:23 Github_POC
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
[GitHub]this is a simple script from CVE-2023-4197 that was a little bit modified because it didn't work the first time with the broadlight machine from HTB, which means that we have to modify the script a little bit and then use it as the documentation says
2024-05-26 09:50 Github_POC
[GitHub]Men Salon Management System Using PHP and MySQL
2024-05-26 09:50 Github_POC
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
[GitHub]Using CVE-2023-21768 to manual map kernel mode driver
2024-05-26 09:50 Github_POC
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
[GitHub]Using CVE-2021-40449 to manual map kernel mode driver
2024-05-26 09:50 Github_POC
[GitHub]this is a simple script from CVE-2023-4197 that was a little bit modified because it didn't work the first time with the broadlight machine from HTB, which means that we have to modify the script a little bit and then use it as the documentation says
2024-05-26 01:43 Stories by SAFARAS K A on Medi
Are you capable of mastering the entire system and exploiting all vulnerabilities?
Continue reading on InfoSec Write-ups »
2024-05-26 01:35 Confessions of a Penetration T
Unfortunately, due to medical reasons within my immediate family, despite my plans and intentions, I will not be able to fly to Monday's/Tuesday's CONFidence'24, for which I would like to sincerely apologize to everyone. Don't worry, nothing bad has happened – it’s simply safer for me to be nearby at home for the next few days.

As a result:
- Paweł Maziarz will be giving our joint presentation on his own – fortunately, Paweł is an absolutely excellent speaker and has a ton of his own material in the presentation (although he will still get a few slides from me). I'll add that we considered a hybrid model (Paweł in the room, me remotely), but ultimately, we feared that it simply wouldn’t work well.
- I won't be able to sign books – I especially want to apologize to those who in recent months have asked where they can catch me to sign books, and to whom I said I would be at CONFidence. I will be in Krakow again in September, but you can always write to me (preferably on Discord) and ask about upcoming opportun
2024-05-25 21:48 Github_POC
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
[GitHub]Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Incl
2024-05-25 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A submodule to demonstrate CVE-2024-32002. Demonstrates arbitrary write into .git.
2024-05-25 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.
2024-05-25 16:33 Github_POC
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
[GitHub]Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
2024-05-25 16:33 Github_POC
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.
[GitHub]Wordpress - Copymatic – AI Content Writer & Generator <= 1.6 - Unauthenticated Arbitrary File Upload
2024-05-25 13:35 Marco Ramilli Web Corner
The realm of artificial intelligence (AI) continues to expand, revealing new depths and complexities. In a recent and pioneering development, Anthropic has released a groundbreaking paper that delves into the inner workings of a Large Language Model (LLM) for the very first time. This research represents a significant step forward in addressing the long-standing challenge […]
2024-05-25 10:02 Github_POC
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
[GitHub]Unauthenticated Path Traversal in Nexus Repository 3
2024-05-25 05:36 CXSECURITY Database RSS Feed -
Topic: 4BRO Insecure Direct Object Reference / API Information Exposure Risk: High Text:SEC Consult Vulnerability Lab Security Advisory < 20240522-0 > == title: Broken access ...
2024-05-25 05:36 CXSECURITY Database RSS Feed -
Topic: Jcow Social Network Cross Site Scripting Risk: Low Text:# Exploit Title: Jcow Social Networking 14.2 < 16.2.1 | Stored XSS # Date: 2024-05-23 # Author: tmrswrr # Vendor Homepage: ...
2024-05-25 05:36 CXSECURITY Database RSS Feed -
Topic: Debezium UI 2.5 Credential Disclosure Risk: Medium Text:# Exploit Title: Debezium UI - Credential Leakage # Google Dork: N/A # Date: [2024-03-11] # Exploit Author: Ihsan Ceti...
2024-05-25 05:34 Hacking Dream
Need a Power-Up in Solo Leveling: Arise? Unlock Free Rewards with These Codes
Want to level up your characters faster? Get the inside scoop on working Solo Leveling Arise redeem codes and how to use them in this regularly updated blog post.

Solo Leveling Arise Redeem Codes

Play on Mobile and PC!
This is where things get awesome – Solo Leveling: Arise is available for both mobile and PC. Plus, you can use the same account on both platforms! Progress at home, continue your adventure on the go!

Multiplayer Raids on the Horizon?
Rumors are swirling that a co-op multiplayer mode for challenging raids might be on the way. Imagine taking down epic bosses alongside your friends - the hype is real!

How to Redeem Solo Leveling Codes for Free
Open Solo Leveling Arise Game
Login to Solo Leveling Arise game
Click on Options, then go to Settings (Gear Icon)
Click on Account, then click on "Redeem Codes"
Pop up box appears, enter the below codes in it.
Exclusive Solo Leveling Arise Redeem Codes – Limited Time!
To ce
2024-05-25 04:03 Github_POC
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).
[GitHub]POC for CVE-2023-46442 Denial of Service vulnerability found within Soot
2024-05-25 04:02 Github_POC
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
[GitHub]test CVE
2024-05-25 04:02 Github_POC
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
[GitHub]𓃌 - Atlassian Jira Information Disclosure SLA & Field names
2024-05-25 03:38 nccgroup
Let’s kick this off with some examples. Here’s a seamless loop illustrating CBC-mode encryption: Here’s a clip showing a code block being rewritten to avoid leaking padding information in error messages: Here’s an illustration of a block cipher operating in CTS mode: You may be surprised to learn that each of these illustrations was generated […]
2024-05-25 03:35 Trustwave Blog
Organizations of all sizes need to be proactive in identifying and mitigating vulnerabilities in their networks. To help organizations better understand the value and process of a vulnerability scan, Trustwave’s Philip Pieterse, Managing Consultant for the Americas division of SpiderLabs, and Dhervesh Singh, Senior Security Consultant with SpiderLabs, conducted a webinar exploring key offensive security testing methodologies: vulnerability scanning, penetration testing, and purple teaming.
2024-05-25 03:02 nccgroup
Hello and welcome back to the Cryptopals Guided Tour (previously, previously)! Today we are taking on Challenge 17, the famous padding oracle attack. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks on them. You can read more about Cryptopals at https://cryptopals.com/. There’s a […]
2024-05-25 00:26 Stories by SAFARAS K A on Medi
Discover the technical breakdown of CVE-2024-4761, an out-of-bounds write vulnerability in Chrome’s V8 JavaScript engine, its impact…
Continue reading on InfoSec Write-ups »
2024-05-25 00:26 Stories by SAFARAS K A on Medi
Long time no see! I’ve been a bit preoccupied with other tasks besides bug bounty hunting, so I haven’t had the chance to post any blogs. But setting all that aside, today I want to share how I achieved every beginner bug hunter’s dream: scoring that first bounty. Still gives me chills just thinking about it!
So, without further ado, let’s dive into the details of this exhilarating experience.
Let’s get Started
The most important takeaway from this blog is simple:
Keep learning about different vulnerabilities and, more importantly, put that newly gained knowledge into practice. There are hundreds and thousands of websites out there waiting to be hunted, with millions of vulnerabilities just waiting to be discovered by someone.
Further Details
Here’s how it all went down. The bug that landed me my first bounty was actually a combination of two bugs:
GraphQL API key leak & cache poisoning.
The target? A private one I stumbled upon using some good ol’ Google dorking. (Psst, here’s a handy repo for some similar G
2024-05-25 00:25 Stories by SAFARAS K A on Medi
How Search Engines Operate and Utilize Hidden Content
Continue reading on InfoSec Write-ups »
2024-05-25 00:25 Stories by SAFARAS K A on Medi
In the Name of Allah, the Most Beneficent, the Most Merciful.
All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists).
Let’s just begin with what brings us here today (giggled amusingly).
Portswigger SQLi labs cont'd (Link to the First writeup)
Lab3: SQL injection attack, listing the database contents on non-Oracle databases
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.
The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users.
To solve the lab, log in as the administrator user.
Solution
Most database types (except Oracle) have a set of views called the information schema. This provides inf