All Posts

About my four years of college

I moved back to the school yesterday, and all kinds of articles used in the university for four years were packed with only two large cartons. After a while, the scene of opening the dormitory door with my parents carrying luggage four years ago can still clearly emerge in my mind, but it is time to leave. This period of time is always a little sad and reluctant. After work, I lay in bed and looked back on the four years of college. Some fragments were unforgettable for a long time, and I always thought it was necessary to sum up. So there is now. The last time I sat next to the empty desk in my bedroom and wrote words, I may not have any logic.

XSStrike source code reading notes (I) -- Crawling mode

XSStrike may be the most advanced XSS scanner in the current open source projects. Reading such an excellent project, we can learn a lot of valuable experience in XSS automatic detection methods and project development.

Golang reverse characteristic record

Recently, for various reasons, I started getting into Golang reverse engineering. It has to be said that reverse analysis of Golang is much simpler than expected. Thanks to @Ch1p for the tireless guidance throughout this process. This article mainly records some language- and compiler-related features relevant to Golang reversing, and it will be updated continuously as I encounter more of them. Because the program analyzed in the examples is a small project of my own that is not yet public, I'm sorry to say this article is temporarily encrypted~

Analysis of arbitrary code execution in the ThinkCMF X front end

This article was first published on Anquanke. This vulnerability is a front-end arbitrary code execution 0day in ThinkCMF X that I found while doing a real-world question called yxtcms in this year's Qiang Wang Cup offline finals (after the competition I asked around: most other teams combined the characteristics of this question with the tp3 cache getshell, and it could not be killed). At the time I thought its impact was limited and didn't pay much attention to it. The day before yesterday I saw someone else publish it, but in a very general way, so let me post a slightly more detailed analysis.

TCTF2019 WallBreaker Easy Problem Solving Analysis

This article was first published in the Prophet Community: https://xz.aliyun.com/t/4688 Preface: I finished playing TCTF last week, and now I have time to sort out a Write Up. There were only two questions in the Web direction: one was Java, which I still can't do anything about, and the other was WallBreaker Easy. Without further ado, let's start reproducing it:

This is a Hugo article encryption tool

Typora XSS to RCE (bottom)

This article was first published on Anquanke: https://www.anquanke.com/post/id/170756 Foreword: The last article covered the Typora XSS that I found at an output point through black-box testing, which can lead to remote command execution, and analyzed the cause of the vulnerability. Today, let's talk about the other two XSS vulnerabilities I found in the code.

Typora XSS to RCE (top)

This article was first published on Anquanke: https://www.anquanke.com/post/id/170665 Foreword: In December last year, I saw an article on Zhihu titled "How to Implement Remote Command Execution on the Typora Editor", which described achieving command execution: the end user only needs to open a malicious document constructed by the attacker to be compromised. This article scared me a lot, because I usually use Typora to write Markdown documents, and many friends around me are also loyal Typora users. So I decided to dig deeper to see whether Typora had other vulnerabilities. After finishing my final exams and preparing for Hgame, I found three Typora XSS vulnerabilities in two days, which can also lead to RCE. Typora officially released two security updates for this within two days. As of now (2019.2.4), the last vulnerability has not been fixed. Here I mainly share the discovery process and analysis of the three vulnerabilities I found.

Use Docker to build a secure virtual space

Foreword: The homework for an easy elective course recently was a CTF web challenge, but most of the students had never learned PHP, let alone configured a server. So I wondered whether I could take the opportunity to do my classmates a favor (in fact, I just wanted to tinker). My plan was to split my own VPS into virtual spaces for everyone to use. However, the security of ordinary virtual hosting is hard to guarantee: if one space is compromised, other users may suffer, i.e. neighbouring-site attacks. What's more, our virtual spaces are used for CTF web challenges, so people must not be able to obtain the flags of all challenges simply by creating one challenge. So I came up with the idea of using Docker to build a secure virtual space. I ran into many problems along the way; the following is the whole process of tinkering.

ISCC-2018 offline competition Web private land Write Up

Preliminary exploration: