Vim 9.2.0321 stack-buffer-overflows Vulnerability report
Vim 9.2.0321 stack-buffer-overflows Vulnerability report Severity: Medium Affected Versions: Vim 9.2.0321 OverviewAttacker-controlled spell source files can trigger multiple stack-based buffer overflows in Vim’s spell file generation path during :mkspell. I confirmed two related vulnerabilities in spellfile.c: one in spell_read_aff() and one in store_aff_word(). Both are reachable from crafted .aff / .dic inputs, both involve attacker-controlled spell data being written into fixed-size...
FlareSolverr Server-Side Request Forgery (SSRF) Vulnerability Report
FlareSolverr Server-Side Request Forgery (SSRF) Vulnerability Report Severity: High Affected Versions: FlareSolverr ≤ v3.4.6 OverviewFlareSolverr is a proxy service designed to bypass Cloudflare protections by automating a Chrome browser. In its /v1 API, the request.get and request.post commands process user-supplied url parameters without any validation of protocol, hostname, or IP address. The application directly invokes driver.get(url) to navigate to the target URL. An attacker can...
腾讯游戏安全技术竞赛PC端初赛
...
虚仿平台
...
flare-on-12
The Flare-On Challenge 1 - DrillBabyDrill题目是python打包的exe,并给了源码,直接看py文件 找到生成flag的函数 1234567def GenerateFlagText(sum): key = sum >> 8 encoded = "\xd0\xc7\xdf\xdb\xd4\xd0\xd4\xdc\xe3\xdb\xd1\xcd\x9f\xb5\xa7\xa7\xa0\xac\xa3\xb4\x88\xaf\xa6\xaa\xbe\xa8\xe3\xa0\xbe\xff\xb1\xbc\xb9" plaintext = [] for i in range(0, len(encoded)): plaintext.append(chr(ord(encoded[i]) ^ (key+i))) return ''.join(plaintext) sum是未知量,其实可以直接爆破 1234567encoded =...
wx小程序
抓包使用yakit+proxifier可以抓包小程序 参考Yakit 配合 Proxifier 小程序抓包 | Yak Program Language 注意小程序的独立进程是 WeChatAppEx.exe,而不是 WeChat.exe 解包使用的工具:wxapkg(https://github.com/wux1an/wxapkg) wxapkg.exe scan 命令来扫描所有小程序,wxapkg.exe unpack 命令解包指定小程序 unveilr(https://github.com/junxiaqiao/unveilr-v2.0.0) npx unveilr --help命令查看使用方法 UnpackMiniApp(https://github.com/Angels-Ray/UnpackMiniApp) 小程序解密,选择__APP__.wxapkg