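Disclaimer: All content in this article is for learning and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law and other relevant laws; in particular, it must not be disseminated or used for non-benign purposes. By viewing this article you are deemed to have agreed to the above terms; otherwise you bear the responsibility yourself.
Today's highlights: Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate file write remote code execution vulnerability, Microsoft SharePoint Server TOCTOU ControlParameter binding information disclosure vulnerability, a Python code-audit 0day (pgadmin4) combo chain in penetration testing, from a mini program to a server shell, DOMPurify < 2.2.2 bypass, and more.
【Malware Section】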
1、A new skimmer uses WebSockets and a fake credit card form to steal sensitive data
https://blogs.akamai.com/2020/11/a-new-skimmer-uses-websockets-and-a-fake-credit-card-form-to-steal-sensitive-data.html
【Vulnerability Analysis Section】
2、Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate File Write Remote Code Execution Vulnerability (CVE-2020-17083)
https://srcincite.io/pocs/cve-2020-17083.ps1.txt
3、Microsoft SharePoint Server TOCTOU ControlParameter Binding Information Disclosure Vulnerability (CVE-2020-17017)
https://srcincite.io/pocs/cve-2020-17017.py.txt
4、Firefox Vulnerability Research Part 2
5、Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898)
【Technical Sharing Section】
6、A Python code-audit 0day (pgadmin4) combo chain in penetration testing
7、From a mini program to a server shell
https://xz.aliyun.com/t/8489
8、From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass
9、Intel Converged Security and Management Engine (Intel CSME) Security White Paper
#Tool# XPCSniffer will dump XPC information to a file and the console.