정짱의 작은 도서관

[CVE 취약점] Microsoft SQL Server 원격 코드 실행 취약점 (CVE-2020-0618) 참조> https://github.com/pwntester/ysoserial.net> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 Poc https://www.exploit-db.com/exploits/48816 개요SQL Server Reporting Services 란? SSRS(SQL Server Reporting Services)- 웹 브라우저, 모바일 및 메일 등을 통해 자주 참조되는 보고서를 배포 및 관리하는 일련의 온-프레미스 솔루션- 표, 차트, 지도 등 다양한 시각도구 지원 Micro..

[CVE 취약점] Oracle Weblogic 원격코드 실행 취약점(CVE-2020-14882) 참조> https://www.boannews.com/media/view.asp?idx=92226> https://blog.alyac.co.kr/3341?category=750247> https://blog.csdn.net/xuandao_ahfengren/article/details/109364543> https://blog.csdn.net/weixin_45728976/article/details/109359771?utm_medium=distribute.pc_relevant.none-task-blog-title-2&spm=1001.2101.3001.4242> https://www.youtube.com/watch..

[CVE 취약점] 윈도우 서버의 Netlogon 권한상승 취약점(CVE-2020-1472) 참조> https://github.com/dirkjanm/CVE-2020-1472/blob/master/cve-2020-1472-exploit.py> https://github.com/dirkjanm/CVE-2020-1472> https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472> https://portal.msrc.microsoft.com/ko-KR/security-guidance/advisory/CVE-2020-1472> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472 ..

[CVE 취약점] Apache Struts 2 취약점(CVE-2019-0230) 참조> https://github.com/PrinceFPF/CVE-2019-0230/blob/master/CVE-2019-0230.sh> https://www.4hou.com/posts/p7m2> https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability> https://cwiki.apache.org/confluence/display/WW/S2-059> https://cwiki.apache.org/confluence/display/WW/S2-060> https://struts.apache.org/dow..

[CVE 취약점] vBulletin 원격 코드 실행 취약점 우회 취약점(CVE-2020-17496) 참조> https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed> https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/> https://blog.alyac.co.kr/3180?category=750247> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17496> https://www.exploit-db.com/exploits/48743 Poc curl -s h..

[CVE 취약점] F5사 BIG-IP 제품군의 원격코드실행 취약점(CVE-2020-5902) 참조> https://github.com/yassineaboukir/CVE-2020-5902> https://www.youtube.com/watch?v=z8zyrVlKK-Q> https://support.f5.com/csp/article/K52145254> https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35498 Poc Proof of concepthttps:///tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd https:///tmui/login...

[CVE 취약점] Apache Tomcat AJP 원격코드 실행 취약점(CVE-2020-1938) 참조> https://github.com/Kit4y/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner/blob/master/CNVD-2020-10487-Tomcat-Ajp-lfi.py> https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC/blob/master/poc.py> https://github.com/xindongzhuaizhuai/CVE-2020-1938/blob/master/CVE-2020-1938.py Poc 패킷 생성{'name': 'req_attribute', 'value': ['javax.servlet.include..

[CVE 취약점] Apache Tomcat 서비스 거부 취약점(CVE-2020-11996) 참조> http://mail-archives.us.apache.org/mod_mbox/www-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E> http://tomcat.apache.org/security-8.html> http://tomcat.apache.org/security-9.html> http://tomcat.apache.org/security-10.html> https://sarc.io/index.php/tomcat/2051-tomcat-apache-tomcat-http-2-cve-2020-11996 개요Apache ..