-
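1. I hope more enctypes can be made available for POST parameter passing; it looks like only the JSON format is supported by default.
2. While solving a challenge I found a WAF that processes input in reverse order, so reversing the payload is enough; I would therefore like reversed payloads to be added to the fuzz library.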
-
# Daily Security News (2023-06-04)
- HackerOne Hacker Activity
- [ ] [Regression on dest parameter sanitization doesn't check scheme/websafe destinations](https://hackerone.com/reports/1962951)
- Security Boulev…
-
TODO
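Python SSTI environments are simply too varied: not only can the jinja and flask versions differ, even the underlying Python version can differ.
For example, in [this challenge](https://www.nssctf.cn/problem/3022/) the Python version is python2, which means that a dict converted to a string is not `` but ``, which causes errors when generating arbitrary strings and ultimately leads to the wrong attribute being fetched, making the environment produce an HTTP 50…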
-
BlackDuck scan reports medium security risk in ejs v3.1.8 (transitive dependency for oclif/core v2.15.0).
> Description
ejs is vulnerable to server-side template injection (SSTI) leading to remot…
-
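The bypass rules have already been written, but the competition is still in progress, so for now I am just leaving an Issue here.
After the competition ends, the corresponding analysis and the new version will be released.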
-
# Daily Security News (2023-06-24)
- HackerOne Hacker Activity
- [ ] [Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links](https://hackerone.com/reports/1716016)
- [ ] [Exter…
-
Reference to https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI
-
Vulnerable Library - spring-boot-starter-thymeleaf-2.7.12.jar
Path to dependency file: /springboot/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.…
-
## CVE-2023-38286 - High Severity Vulnerability
Vulnerable Library - thymeleaf-3.1.1.RELEASE.jar
Library home page: http://www.thymeleaf.org
Path to dependency file: /pom.xml
Path to vulnerable lib…