Latest Infosec News and Articles
- Ipsourcebypass – This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers https://www.kitploit.com/2022/02/ipsourcebypass-this-python-script-can.html
- Multiple HTTP Redirects to Bypass SSRF Protections https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c
- Curated Linux kernel exploitation resources https://github.com/0x0021h/pwnlinux
- A technique to semi-automatically find vulnerabilities in WordPress plugins https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html
- wmiexec-RegOut – Modify Version Of Impacket https://t.co/L1A1nZ7Ucb , Get Output(Data,Response) From Registry, Don’t Need SMB Connection, Also Bypassing Antivirus-Software In Lateral Movement Like WMIHACKER https://www.kitploit.com/2022/02/wmiexec-regout-modify-version-of.html
- Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html
- Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware https://www.sentinelone.com/labs/moving-from-manual-reverse-engineering-of-uefi-modules-to-dynamic-emulation-of-uefi-firmware/
- ROP Chaining: Return Oriented Programming https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming
- Program for determining types of files for Windows, Linux and MacOS https://github.com/horsicq/Detect-It-Easy
- CVE-2022-21882 https://github.com/L4ys/CVE-2022-21882
Latest Vulnerabilities, POCs, and Exploits
- Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit) https://www.exploit-db.com/exploits/50714
- Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit) https://www.exploit-db.com/exploits/50713
- Servisnet Tessa – Privilege Escalation (Metasploit) https://www.exploit-db.com/exploits/50712
- WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50707
- PHP Unit 4.8.28 – Remote Code Execution (RCE) (Unauthenticated) https://www.exploit-db.com/exploits/50702
- WordPress Plugin 404 to 301 2.0.2 – SQL-Injection (Authenticated) https://www.exploit-db.com/exploits/50698
- Fetch Softworks Fetch FTP Client 5.8 – Remote CPU Consumption (Denial of Service) https://www.exploit-db.com/exploits/50696
- WordPress Plugin Download Monitor WordPress V 4.4.4 – SQL Injection (Authenticated) https://www.exploit-db.com/exploits/50695