Y4er的博客 https://y4er.com/ Y4er的博客 Hugo -- gohugo.iozh-CNchuyusec@gmail.com (Y4er) chuyusec@gmail.com (Y4er)This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Thu, 26 Oct 2023 15:39:15 +0800 dnlib使用 https://y4er.com/posts/dnlib-usage/ Thu, 26 Oct 2023 15:39:15 +0800 Y4er https://y4er.com/posts/dnlib-usage/ Apache ActiveMQ RCE https://y4er.com/posts/apache-activemq-rce/ Thu, 26 Oct 2023 15:22:35 +0800 Y4er https://y4er.com/posts/apache-activemq-rce/ dotnet反序列化新链学习 https://y4er.com/posts/dotnet-new-gadget/ Mon, 23 Oct 2023 16:51:13 +0800 Y4er https://y4er.com/posts/dotnet-new-gadget/ @chudyPB在Hexacon 2023会议上发布了他的dotnet反序列化的研究白皮书,一个长达124页的pdf,这是我看过最强的一篇关于dotnet序列化漏洞的文章。

]]> CVE-2023-42793 JetBrains TeamCity 权限绕过 https://y4er.com/posts/cve-2023-42793-jetbrains-teamcity-auth-bypass-rce/ Tue, 26 Sep 2023 15:20:26 +0800 Y4er https://y4er.com/posts/cve-2023-42793-jetbrains-teamcity-auth-bypass-rce/ LG Simple Editor 的几个RCE漏洞 https://y4er.com/posts/lg-simple-editor-rce/ Sat, 09 Sep 2023 15:17:52 +0800 Y4er https://y4er.com/posts/lg-simple-editor-rce/ LG是一家专门搞LED的公司,旗下有一些产品,这次看的是zdi爆出来的LG Simple Editor,公网数量虽然不多,但是漏洞是未授权RCE。

https://www.zerodayinitiative.com/advisories/ZDI-23-1208/

]]> devtunnel 微软的隧道工具 https://y4er.com/posts/devtunnel-the-tunneling-tool-of-microsoft/ Fri, 01 Sep 2023 11:30:36 +0800 Y4er https://y4er.com/posts/devtunnel-the-tunneling-tool-of-microsoft/ CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization RCE https://y4er.com/posts/cve-2023-394760-inductive-automation-ignition-javaserializationcodec-deserialization-rce/ Tue, 29 Aug 2023 11:25:15 +0800 Y4er https://y4er.com/posts/cve-2023-394760-inductive-automation-ignition-javaserializationcodec-deserialization-rce/ 文章首发在先知社区 https://xz.aliyun.com/t/12813

]]> CVE-2023-2611 Advantech R-SeeNet 硬编码密码 https://y4er.com/posts/cve-2023-2611-advantech-r-seenet-hardcode/ Sat, 26 Aug 2023 11:22:48 +0800 Y4er https://y4er.com/posts/cve-2023-2611-advantech-r-seenet-hardcode/ CVE-2023-37895: Apache Jackrabbit RMI RCE https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/ Fri, 28 Jul 2023 11:11:10 +0800 Y4er https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/ CVE-2023-38646 Metabase pre-auth rce https://y4er.com/posts/cve-2023-38646-metabase-pre-auth-rce/ Wed, 26 Jul 2023 11:20:21 +0800 Y4er https://y4er.com/posts/cve-2023-38646-metabase-pre-auth-rce/