-
### Please describe your feature request:
Similar to [generate_java_gadget](https://docs.nuclei.sh/template-guide/helper-functions#deserialization-helper-functions), additional deserialization helper…
-
Hello,
Do you have any screenshots of this POC working? I'm having a hard time following your instructions to make everything work
-
## Summary
From @fzipi:
This should be valid ctl syntax: `ctl:ruleRemoveTargetById=123456;ARGS:/^mycookie_/`
It doesn't work on ModSecurity: longstanding unfixed issues https://github.com/Spi…
-
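Attacker student ID: B10815052
Victim student ID and URL: B10815062 @yochan0412 https://demo.yochan.live/
Vulnerability type: XSS (upload file)
Vulnerability description
Upload a PHP file that contains
```
alert(1)
```
This way the PHP flag check is bypassed
PoC
```
alert(1)
```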
…
-
Part of #98
Attempting to add RCE in a manner which might get past code review.
https://github.com/tintulip/web-application/commit/2cff27cabeb5aef4157f18fbf48bde830c25c814
Two REST endpoints…
-
The following is super hand-wavey and inspired largely by Chrome's approach to Linux Sandboxing: https://chromium.googlesource.com/chromium/src/+/master/docs/linux/sandboxing.md
Currently, Kibana r…
-
#### Could a mitigation or detection system be implemented in the replays unpacker, for [CVE-2022-31265](https://www.cve.org/CVERecord?id=CVE-2022-31265)?
This vulnerability is currently affecting…
-
I use sqlmap to simulate the attack, both coraza and ModSecurity return 403
But ModSecurity logs the http response_code, coraza doesn't
The ModSecurity logging is "ModSecurity: Access denied with …
-
https://app.hackthebox.com/machines/Devvortex
```
$ nmap -sC -sV -Pn 10.10.11.242
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-08 07:05 JST
Nmap scan report for 10.10.11.242
Host is up…
-
When trying to analyze the spring4shell vulnerability and check if georchestra was affected (if you don't run georchestra with JDK >= 9 and don't use tomcat, then you are probably safe), I figured out…