This public account has been running for nearly a year, mainly to record and share my personal work. I am fairly laid-back about it, so I post when I think it is necessary. Recently, I sorted through the account's posts from the past year (and organized the related articles).
I. Vulnerability reproduction (original)
1. CVE-2020-13942 (Apache Unomi remote code execution vulnerability) reproduction
Mp.weixin.qq.com/s/fQSRXk9Fi…
2. CVE-2020-9484 (Tomcat cluster sync-session) reproduction
Mp.weixin.qq.com/s/z5Lo93UXP…
3. Axis1.4 remote command execution (CVE-2019-0227) reproduction
Mp.weixin.qq.com/s/9gnCHYcyg…
4. Apache Flink unauthorized access - remote code/command execution - reproduction
Mp.weixin.qq.com/s/aomCajnZV…
5. CVE-2020-8209 (Citrix Endpoint Management arbitrary file read)
Mp.weixin.qq.com/s/EiPdSw9d7…
6. ThinkAdmin v6 arbitrary file read vulnerability (CVE-2020-25540) reproduction
Mp.weixin.qq.com/s/Gr5yE1GKS…
7. BaoTa (Pagoda) server panel vulnerability - unauthorized access
Mp.weixin.qq.com/s/QVhaN7BRu…
8. Tongda OA multiple 0-day vulnerabilities reproduction
Mp.weixin.qq.com/s/oueVB5ztL…
9. Tongda OA V11.6 - getshell by deleting the authentication file, reproduction
Mp.weixin.qq.com/s/QCN209oNb…
10. Tongda OA front-end arbitrary user login vulnerability reproduction
Mp.weixin.qq.com/s/mY07eR6On…
11. Tongda OA front-end arbitrary user login vulnerability reproduction (updated with the process of obtaining cookies manually)
Mp.weixin.qq.com/s/P-LC0fosK…
12. Tongda OA command execution vulnerability reproduction
Mp.weixin.qq.com/s/w24wBsOR7…
13. Sangfor EDR endpoint detection platform - arbitrary user login vulnerability reproduction
Mp.weixin.qq.com/s/oqEhMCWdf…
14. Sangfor EDR endpoint detection platform - RCE vulnerability reproduction
Mp.weixin.qq.com/s/KVhd7ifku…
15. Cisco ASA arbitrary file read vulnerability reproduction (CVE-2020-3452)
Mp.weixin.qq.com/s/i_x7gx_Vr…
16. CVE-2020-5902 (BIG-IP RCE) reproduction
Mp.weixin.qq.com/s/twTCflFpx…
17. SaltStack CVE-2020-11651 and CVE-2020-11652 reproduction
Mp.weixin.qq.com/s/ks9nCbVB-…
18. Fastjson 1.2.47 deserialization vulnerability reproduction
Mp.weixin.qq.com/s/69NCDDSaa…
19. PHP IMAP remote command execution vulnerability (CVE-2018-19518) reproduction
Mp.weixin.qq.com/s/4ClmkKeT3…
20. PHP-FPM (CVE-2019-11043) vulnerability reproduction
Mp.weixin.qq.com/s/4giXc5mLu…
21. Joomla RCE remote code execution - CVE-2020-11890-10238-10239 (three) reproduction
Mp.weixin.qq.com/s/siQrh0Zjb…
22. Joomla 3.4.6 remote code execution reproduction
Mp.weixin.qq.com/s/FYUMWy74l…
23. CVE-2020-7471 - Django SQL injection vulnerability reproduction
Mp.weixin.qq.com/s/CT5vM63UR…
24. Nexus Repository Manager OSS Pro EL expression remote code execution CVE-2020-10199_10204
Mp.weixin.qq.com/s/n-_tXXrGy…
25. Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238) reproduction
Mp.weixin.qq.com/s/0FEu1-CKb…
26. Git credential leakage vulnerability (CVE-2020-5260) reproduction
Mp.weixin.qq.com/s/SP0SwK9e7…
27. DrayTek enterprise network device command injection reproduction (CVE-2020-8515)
Mp.weixin.qq.com/s/exz2utSbA…
28. WebLogic deserialization vulnerability (CVE-2019-2890) reproduction
Mp.weixin.qq.com/s/Ya9jCaPa2…
29. Jenkins-CI remote code execution vulnerability (CVE-2017-1000353): other reproduction methods encountered in a project
Mp.weixin.qq.com/s/cNYqAXGaJ…
30. Yonyou GRP-U8 injection - RCE vulnerability reproduction
Mp.weixin.qq.com/s/0QRywDw5I…
31. (CVE-2020-17530) Struts2 S2-061 remote command execution vulnerability reproduction
Mp.weixin.qq.com/s/KyOTJtRvU…
32. (CVE-2020-7961) Liferay Portal RCE deserialization command execution vulnerability
Mp.weixin.qq.com/s/Jni6hoqMV…
33. SaltStack shell injection (CVE-2020-16846) vulnerability reproduction
Mp.weixin.qq.com/s/NEeGbPM2A…
34. PHPMailer remote command execution vulnerability reproduction
Mp.weixin.qq.com/s/iYUGj-iOO…
II. Code audit learning record (original)
1. JSP mining (1) - environment setup
Mp.weixin.qq.com/s/cOVmceXUh…
2. JSP mining (2) - SQL injection and protection
Mp.weixin.qq.com/s/ee7_IOGmj…
3. JSP mining (3) - XSS vulnerability and protection
Mp.weixin.qq.com/s/M-o2tl78k…
4. JSP mining (4) - build your own JSP defense code
Mp.weixin.qq.com/s/Hv1vSUCJD…
5. JSP mining (5) - OWASP WebGoat vulnerability platform
Mp.weixin.qq.com/s/wnFfRmYw6…
6. JSP mining (6) - JSP command execution vulnerability
Mp.weixin.qq.com/s/6it0sMCS3…
7. JSP mining (7) - JSP upload vulnerability
Mp.weixin.qq.com/s/u5A-z7hTe…
8. JSP mining (8) - JSP thread safety
Mp.weixin.qq.com/s/kwH7cRkES…
9. Vulnerability code debugging (I): Struts2 S2-048 code analysis and debugging (CVE-2017-9791)
Mp.weixin.qq.com/s/rknk46VxX…
10. Vulnerability code debugging (II): Struts2 S2-001 code analysis and debugging
Mp.weixin.qq.com/s/001phESFH…
III. Java development, Python scripting and others (original)
1. Java ThelostWorld DBcrack development (I)
Mp.weixin.qq.com/s/IcqBDhILA…
2. Java POI: parsing Word documents and extracting the data into Excel
Mp.weixin.qq.com/s/4ieaida3L…
3. Java crawler and HTML parsing - Jsoup (NSFOCUS (Green Alliance) Aurora report)
Mp.weixin.qq.com/s/4cRkEB1p9…
4. Java List collection: removing duplicate objects
Mp.weixin.qq.com/s/LTzBXbV5F…
5. [Programming] Python - nmap scan parameters (1)
Mp.weixin.qq.com/s/5pVUm0Jgb…
6. Configuring Hydra with the Oracle scanning and brute-force module
Mp.weixin.qq.com/s/1dvOL47Uu…
7. Vim study notes
Mp.weixin.qq.com/s/tTkVZPXbb…
8. HFish honeypot setup (Docker & Ubuntu)
Mp.weixin.qq.com/s/StHxdrmkR…
IV. CTF target machines (reposted)
1. Solution walkthrough for the DC-1 target machine
2. Solution walkthrough for the DC-2 target machine
3. Solution walkthrough for the DC-3 target machine
4. Solution walkthrough for the DC-4 target machine
5. DC-5 target machine
6. DC-6 target machine
7. Solution walkthrough for the DC-7 target machine
8. Solution walkthrough for the DC-8 target machine
Disclaimer: The security tools and procedures (methods) provided by this site may be offensive in nature and are intended only for security research and teaching; use them at your own risk!
Disclaimer: Copyright belongs to the author. For commercial reprints, please contact the author for authorization; for non-commercial reprints, please indicate the source.
thelostworld
On the road of security, side by side with you!
Zhihu: www.zhihu.com/people/fu-w…
Jianshu: www.jianshu.com/u/bf0e38a8d…
CSDN: blog.csdn.net/qq_37602797…
Cnblogs: www.cnblogs.com/thelostworl…
FREEBUF homepage: www.freebuf.com/author/thel…