代码审计 - 分类 - Y4er的博客

代码审计

2023

CVE-2023-28432 Minio信息泄露导致RCE 03-24

CVE-2023-27532 Veeam Backup & Replication leaked credentials 03-17

DongTai IAST 实现分析 02-24

Apache Geode/VMware GemFire Deserialize RCE 02-17

GoAnywhere 未授权反序列化RCE 02-06

Java静态分析框架Tai-e的简单使用 01-18

dotnet host startup hook 01-03

2022

CVE-2022-43781 Bitbucket Server & Data Center 环境变量注入导致RCE 11-28

ZK框架权限绕过导致R1Soft RCE并接管Agent 11-17

对ZDI公布的InfraSuite Device Master一揽子漏洞的分析 11-08

CVE-2022-41828 Amazon Redshift JDBC Driver RCE 10-28

CVE-2022-42889 Apache Commons Text RCE (Text4Shell) 10-13

fastjson 1.2.80 漏洞分析 09-20

Doop学习 part 1 09-08

ByteCodeDL 学习 09-01

CVE-2022-36923 ManageEngine OpManager getUserAPIKey Authentication Bypass 09-01

网鼎杯2022 BadBean Hessian2反序列化 08-27

Tomcat Upgrade Memshell 08-24

CVE-2022-22955 VMware Workspace ONE Access OAuth2TokenResourceController Auth Bypass 08-14

CVE-2022-31656 VMware Workspace ONE Access UrlRewriteFilter 权限绕过 08-14

1
2
3
4
7