Tencent Security Xuanwu Lab Daily News
• [Vulnerability] GitHub - 0xf4n9x/CVE-2023-0669: CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.:
https://github.com/0xf4n9x/CVE-2023-0669
・ GoAnywhere MFT反序列化漏洞(CVE-2023-0669)利用工具
– P4nda
• Shadowsocks 重定向攻击:
https://www.freebuf.com/articles/blockchain-articles/357051.html
・ 复现和分析2020年发现的Shadowsocks 重定向漏洞,利用已知明文攻击可能造成中间人攻击
– xmzyshypnc
• Vulns1002 04 UAF ð¥·CVE-2020-29661ðâï¸ 03 Exploit:
https://www.youtube.com/watch?v=96f8H48d-y8
・ Linux tty子系统UAF漏洞(CVE-2020-29661)详情与利用思路
– P4nda
• Firefly: a smart black-box fuzzer for web applications testing - Global Bug Bounty Platform:
https://blog.yeswehack.com/yeswerhackers/firefly-smart-black-box-fuzzer-web-applications/
・ Web 应用黑盒模糊测试工具 Firefly
– WireFish
• [Malware] Phylum Discovers Revived Crypto Wallet Address Replacement Attack:
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
・ 替换剪贴板中钱包地址的恶意软件再次活跃,使用了新的混淆方法。
– keenan
• mast1c0re: Introduction – Exploiting the PS4 and PS5 through a game save:
https://mccaulay.co.uk/mast1c0re-introduction-exploiting-the-ps4-and-ps5-through-a-gamesave/
・ PS4和PS5上的漏洞利用过程:修改游戏存档文件,利用栈溢出漏洞实现shellcode执行,利用越界写漏洞逃逸emulator。
– keenan
• Helping secure BNB Chain through responsible disclosure:
https://jumpcrypto.com/helping-secure-bnb-chain-through-responsible-disclosure/
・ BNB Beacon Chain 无限铸币漏洞
– WireFish
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab