Aggregator

RASP检测能力提升的思考与实践

RASP安全技术
1 year 3 months ago
这里讲讲RASP目前的防护能力与检测思路,开文先讲述整体架构,后面挑一些重点讲讲,包括其中的部分防护策略以及目前的性能情况、运营中遇到的问题。

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Ransomware – Krebs on Security
1 year 3 months ago
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.
BrianKrebs

苹果cms后台特定情况getshell

90Sec - 专注于网络空间安全
1 year 3 months ago

苹果cms 更新日期2023年9月11日
未授权访问暴露网站根目录
/application/data/update/database.php
/extend/qiniu/src/Qiniu/functions.php
/vendor/karsonzhang/fastadmin-addons/src/common.php
/vendor/topthink/think-captcha/src/helper.php
/vendor/topthink/think-image/tests/autoload.php
/vendor/topthink/think-image/tests/CropTest.php
/vendor/topthink/think-image/tests/FlipTest.php
/vendor/topthink/think-image/tests/InfoTest.php
/vendor/topthink/think-image/tests/RotateTest.php
/vendor/topthink/think-image/tests/TestCase.php
/vendor/topthink/think-image/tests/TextTest.php
/vendor/topthink/think-image/tests/ThumbTest.php
/vendor/topthink/think-image/tests/WaterTest.php
/vendor/topthink/think-queue/src/common.php


特定条件获取服务器权限
此处功能有被利用的风险,获取服务器权限服务器。配合上一个条件在特定情况下可以达到

此功能似乎没起查询作用,查看源码

此处过滤了 select 所以正常语句查询被置空,导致代码显示成功,实际并没有执行,暂时不理解开发如何思考的逻辑开发这个功能

但是代码不够完善,可以利用mysql特性
注释/**/select 为开头绕过该匹配规则 ,进而执行Db::execute()
Sql注入如下


getShell如下





以上getShell是满足以下条件的假设

  1. 后台登录密码比较弱
  2. 数据库账号权限较高

免责申明
本文档仅供参考学习交流,请勿用于非法途径!否则后果自负。

1 个帖子 - 1 位参与者

阅读完整话题

who_where_what

Managed ad