RT raptor: Spring4Shell: Security Analysis of the latest Java RCE ‘0-day’ vulnerabilities in Spring

Re @rodoassis

Re @LinusVanPelt83 @pen3t3r do you have the gf files? have the pattern files on github

spring-cloud-function SpEL RCE, Vultarget & Poc

pocsploit is a lightweight, flexible and novel open source poc verification framework:- file python3 single website python3

Re @bsysop @Bugcrowd Congrats brother. All the best.

Re @OriginalSicksec @hd_421 @wish_iwas Thank you very much.

Re @wdormann Excellent research.

Re @masteringburp We've reproduced this issue. We'll get this fixed. Thanks for the heads-up.

Re @masteringburp Thanks for following up. We'll investigate and get back to you.

Re @masteringburp Are you experiencing infinite redirections because the request is not modified with the correct headers from the redirection respons...

Ostorlab - A Security Scanning Platform That Enables Runnin...

CVE-2022-27254 - PoC For Vulnerability In Honda's Remote Keyless System

回复@适合开suv: 可能就是单纯的“菜” 或者说 没见过啥世面 等等 也是可能的嘛//@适合开suv:对于某些人来说乱才能赚大钱啊

老板 隔离都那么充实 羡慕～

充其量也就是一个手榴弹，硬是被带节奏成啥子核弹！

哎呦，短剑！好看！

从硬盘里把古老的"SnadBoy's Revelation"翻出来，在Win10上还能用，确认了几个密码。现在其他靠谱点的星号查看器还有啥？

回复@斐1238: 参考阅读：网页链接 //@斐1238:@来去之间 释放 @河森堡//@tombkeeper:2004年有一部电影《寻堡奇遇》，这部电影的情节非常荒谬。而如果你尝试探寻河森堡为什么被禁言，就会发现这件事和《寻堡奇遇》一样荒谬。

回复@Stardustsky: 参考阅读1：生儿但愿愚且鲁 参考阅读2：几件大事——是非观 //@Stardustsky:回复@tombkeeper:唉，明白，就是心理始终过不去

2004年有一部电影《寻堡奇遇》，这部电影的情节非常荒谬。而如果你尝试探寻河森堡为什么被禁言，就会发现这件事和《寻堡奇遇》一样荒谬。

那个120拒绝处理病人的事儿，其实我想起之前几天一个医生写的微博（我也转发了），大意就是一个高风险病人来问诊，行政调度让这位大夫自行判断，其实就是没出事儿大家都好，出事儿了大夫自己担。大夫明知如此，还是叹着气决定为这位病人处理，幸好没出事儿。具体到那位120的现场人员，我也觉得会面临 ...全文

如果你被丢到猴群里，可以把自己当成猴，也可以把自己当成人，都没问题。重要的是得把猴当成猴。只要不把猴当成人，就不会绝望。

友邦人士请勿担心，这边已经不让学了。

“五十之年，只欠一死；经此世变，义无再辱” //@来去之间://@金尘_:小时候不懂为什么他要在二战结束前自杀，后来接触了他的生平，有种注定发生的悲凉，开始理解了作家内心的绝望

RT Silcovist: Who's trying for a Black Badge this year @defcon #DEFCON30, and what event? Anyone looking for a partner MP/IG or an invaluable team add...

RT La Rs: Happy to be back @defcon and @BlackHatEvents in Person!! Together with my buddy @spodiary I will travel to @ParisVegas! Hope to meet some of...

RT WIRED: What happens when an old satellite is no longer in use but can still broadcast? Hacker shenanigans, that's what.

Re @AyZdll 感染した先生

We are beginning our next operation soon. April 1st, 2022 vx-underground will be renamed to vx-anime-middle-floor. vx-anime-middle-floor will be the l...

In other news, earlier today LAPSUS$ extortion group called out AgainstTheWest (alternatively referred as to ATW), a group of hackivists from Breached...

Re @HaboubiAnis Neat

Re @ihaveerektion @krabsonsecurity It is popular to hate on any widely used programming language.

"Now I am become Death, the destroyer of worlds." - Java, probably

Re @0xdestroyworlds @imn000f The password is in our bio

Re @cyb3rops Hahahahahaha

We have passed 100,000 followers 🥳 Thank you for this achievement. We look forward to continually serving the community with more malware and malwa...

Re @metantz1 @alwayswannahack @imn000f what

Re @alwayswannahack @imn000f The password is: - Listed on vx-underground - Memed on every comment - Listed in the Twitter bio - Can be Googled

RT frycos: Here it is: my blog post for a Pre-Auth RCE on the famous 3CX Phone Management System.

RT Jason Haddix: Another crypto hack due to "access" to systems. Sounds like web 2.0 to me ¯\_(ツ)_/¯ Crypto companies: invest heavily in web 2 secu...

CVE-2021-43663 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check...

CVE-2021-43662 totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource con...

CVE-2021-43661 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the componen...

CVE-2022-26646 Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.

CVE-2022-26645 A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a craf...

CVE-2022-26644 Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user...

CVE-2022-25008 totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.

CVE-2021-46010 Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. A...

CVE-2021-46009 In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurati...