Aggregator

网动统一通信平台ActiveUC代码审计分析

实战——记一次利用AI实现逆向绕过防重放、sgin值伪造，全数据包加密

当RAG赋能安全时，同时也会引入新的安全风险

最近通过某平台，抱着学习的态度下载了这套系统的源代码，随即开始对任意文件读取漏洞进行了一番审计学习，从漏洞函数关键点出发，逆向追踪其传参过程，最后定位漏洞关键点，如有描述错误请指正。

2025湖南省程序设计网络攻防线下赛部分赛题

域渗透，横向提权

简介基本知识Syzkaller 是 Google 的安全研究人员开发并维护的开源内核 Fuzz 工具，目前主要由 dvyukov 维护。它是使用 Go 语言编写的，也有少部分 C 代码，具有部署快速、使用简便的特点，同时还支持多种操作系统如：Linux、Android、Windows、openbsd、darwin 等系统。不过它支持最全面的还是 Linux 系统。众所周知内核是通过系统调用进行交互

高版本的限制decodeObject加了一个if判断绕过方法目的就是能够成功的调用NamingManager.getObjectInstance办法就是Ref.GetFactoryClassLocation() 返回空，让 ref 对象的 classFactoryLocation 属性为空，这个属性表示引用所指向对象的对应 factory 名称，对于远程代码加载而言是 codebase，即远程代码

A vulnerability, which was classified as critical, has been found in Auto Thumbnailer Plugin up to 1.0 on WordPress. This vulnerability affects the function uploadThumb. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2025-12154. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in WP-SOS-Donate Donation Sidebar Plugin up to 0.9.2 on WordPress. This affects an unknown part. The manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scripting. This vulnerability is identified as CVE-2025-13625. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in My Auctions Allegro Plugin up to 3.6.32 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument auction_id leads to sql injection. This vulnerability is referenced as CVE-2025-12850. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in Payaza Plugin up to 0.3.8 on WordPress. Affected by this vulnerability is the function wp_ajax_nopriv_update_order_status of the component AJAX Endpoint. Executing manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2025-12355. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Voidek Employee Portal Plugin up to 1.0.6 on WordPress. Affected is an unknown function. Performing manipulation results in missing authorization. This vulnerability was named CVE-2025-12093. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in EPROLO Dropshipping Plugin up to 2.3.1 on WordPress. This impacts the function wp_ajax_eprolo_delete_tracking of the component AJAX Endpoint. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-12133. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Live CSS Preview Plugin up to 2.0.0 on WordPress. This affects the function wp_ajax_frontend_save of the component AJAX Endpoint. This manipulation causes missing authorization. This vulnerability is handled as CVE-2025-12354. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Twitscription Plugin up to 0.1.1 on WordPress. The impacted element is an unknown function of the file admin.php. The manipulation of the argument PATH_INFO results in cross site scripting. This vulnerability is known as CVE-2025-13623. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Takeads Plugin up to 1.0.13 on WordPress. It has been rated as problematic. The affected element is an unknown function of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-12370. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Nouri.sh Newsletter Plugin up to 1.0.1.3 on WordPress. It has been declared as problematic. Impacted is an unknown function. Executing manipulation of the argument $_SERVER['PHP_SELF'] can lead to cross site scripting. This vulnerability appears as CVE-2025-13515. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Email Verification, Email OTP, Block Spam Email, Passwordless Login, Hide Login, Magic Login Plugin up to 2.0.39 on WordPress. It has been classified as critical. This issue affects the function user_verification_form_wrap_process_otpLogin. Performing manipulation results in improper authentication. This vulnerability is reported as CVE-2025-12374. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in My Auctions Allegro Plugin up to 3.6.32 on WordPress and classified as critical. This vulnerability affects unknown code. Such manipulation of the argument controller leads to file inclusion. This vulnerability is documented as CVE-2025-12851. The attack can be executed remotely. There is not any exploit available.