Con của bạn tôi dùng Zalo

⚠ Lưu ý: Đây không phải là một lỗi bảo mật của Zalo. Từ khi thấy tôi được lên báo vì hack vào mấy website bên Mỹ, bạn bè tôi rất hay nhờ tôi hack hộ cái gì đấy. Nhờ hack Facebook thì lại quá tầm thường, có đứa tự nhiên một hôm đẹp trời… Continue reading Con của bạn tôi dùng Zalo

Published
Categorized as None

Leaking issues from linked Jira – Atlassian Confluence Server

Application Links (sometimes called “app links”) is a bundled app that allows you to set up links, share information, and provide access to certain resources or functionality across multiple Atlassian products. Linking Confluence to other applications allows you to include information from those applications in pages or blogs that you create in Confluence. For example,… Continue reading Leaking issues from linked Jira – Atlassian Confluence Server

CSRF Protection Bypass – Atlassian Confluence Server

The Server version of Atlassian Confluence comes with a built-in plugin named applinks-cors, with the following declaration in file atlassian-plugin.xml: The CorsFilter class is implemented as below: As we can see from the code, for all requests to URLs that match the defined patterns, Access-Control-Allow-Origin (ACAO) and Access-Control-Allow-Credentials (ACAC) headers will be added to the… Continue reading CSRF Protection Bypass – Atlassian Confluence Server

RCE – Telerik UI for ASP.NET AJAX (CVE-2017-9248)

Two years ago, Progress released a security advisory about a cryptographic weakness issue in Telerik UI for ASP.NET AJAX components that can result in an arbitrary file upload, allowing unauthenticated attackers to compromise vulnerable websites via uploading a webshell. CMSes that use the component, such as DotNetNuke, Sitefinity, are also affected. While the issue is… Continue reading RCE – Telerik UI for ASP.NET AJAX (CVE-2017-9248)