pyn3rd

@pyn3rd

Pop-up Calculator. Tweets are my own.

China
Joined: February 2016

Tweets


  1. Feb 2

    CVE-2020-7799 FusionAuth RCE via Apache Freemarker Template

  2. Retweeted
    Jan 20

    CVE-2020-2655: TLS/DTLS client authentication bypass in Java 11 & 13 (JSSE) Details & PoC

  3. Jan 20

    CVE-2020-5398 Reflected File Download Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application

  4. Jan 16

    Please take care of your Weblogic Server, cause the Oracle Critical Patch is only released for 12.2.1.4, other versions are unprotected until Jan. 31.

  5. Jan 16

    CVE-2020-2551 Weblogic RCE via iiop protocol, funny bug:D

  6. Jan 16

    Which IDE do you use now?

  7. Retweeted
    Jan 12

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  8. Jan 11

    If looking back for the old vulnerabilities, I will obtain new knowledge, as you know, some vulnerability in past time not a critical one, even it should not be called “vulnerability”, but someday maybe it will be renascent. :D

  9. Jan 10

    About CVE-2019-12086, jackson-databind read arbitrary local files, at that time, I only use the gadget [com.mysql.cj.jdbc.admin.MiniAdmin] to read arbitrary local file of the target, but now it can be made a remote code execution.: )

  10. Jan 10

    JDBC Unserialization RCE, when target using mysql-connector-java-8.0.x which I posted yesterday, the trigger is [queryInterceptors]. However when mysql-connector-java-5.1.x in the CLASSPATH, [statementInterceptors] can be a trigger.

  11. Jan 9

    Spring Boot + SnakeYAML unserialization RCE, old but good.

  12. Jan 9

    MySQL-JDBC unserialization RCE, disclosed in BlackHat Europe 2019. The attack controls the target to connect an evil MySQL Server, make it unserialize the evil Java Serialized Stream. Nice work!

  13. Jan 8

    Apache AXIS RCE with freemakerService, old but good.

  14. Dec 31, 2019

    The first shot in 2020, Apereo CAS 4.2.1 RCE, old but good, some guys ought to say it’s a backdoor. Happy new year and have fun! :D

  15. Dec 31, 2019

    Today is the last day of 2019, one decade is vanished, another decade is on the way, next year keep on popping up Calculator : D

  16. Dec 30, 2019
  17. Dec 26, 2019
  18. Dec 24, 2019

    CVE-2019-17571 Apache Log4j 1.2.x RCE via Socket Server Deserialization

  19. Dec 10, 2019

    An ancient Struts2 RCE vulnerability, CVE-2012-1592, the statement was updated by RedHat several days ago.

  20. Retweeted
    Dec 5, 2019
