A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross-site scripting.
This vulnerability is traded as CVE-2024-13140. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery.
The identification of this vulnerability is CVE-2024-13139. The attack may be initiated remotely. Furthermore, there is an exploit available.
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload.
This vulnerability was named CVE-2024-13138. The attack can be initiated remotely. Furthermore, there is an exploit available.
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2024-13137. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization.
This vulnerability is handled as CVE-2024-13136. The attack may be launched remotely. Furthermore, there is an exploit available.