Network Administration

Drupalgeddon2 (CVE-2018-7600)

Drupal is an open-source content management system (CMS) used by more than one million websites worldwide, including government, retail, enterprise and financial sites. However, on 28/3/2018 the team ... Read more »

Word-based Malware Attack

A while ago, a client informed us that they were likely being attacked. We came to assist and found out the key problem was this suspicious document. It’s written in Vietnamese with a “compelling” warning that the user should click on ... Read more »

Further attack surface of WordPress PHAR injection

Summary: In August 2018, Sam Thomas presented a new vulnerability of WordPress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way an attacker can trigger this error is worth mentioning. In this article, I ... Read more »

Another attack vector of CVE-2019-6340

Summary: In February 2019, Samuel Mortenson from the Drupal security team discovered a critical vulnerability in this CMS, identified as CVE-2019-6340 or SA-CORE-2019-003. This vulnerability is a kind of object injection vulnerability which my colleague mentioned in previous research. According to the original research, this vulnerability enables ... Read more »

Multiple XSS vulnerabilities in i-librarian 4.10

CyStack Advisory ID: CSA-2019-01. CVE IDs: CVE-2019-11359, CVE-2019-11428, CVE-2019-11449. Severity: Medium. Recently, we decided to find and get some CVEs assigned. When looking for a web project to audit, we came upon i-librarian 4.10, a PHP web application that has over ... Read more »