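Hot topics summary: WordPress Core <= 4.7.4 password reset vulnerability affecting all versions (0day); WordPress <4.7.1 remote code execution vulnerability (not a plugin, no authentication required, PoC and demo video included); Pwning PHP mail() function For Fun And RCE; bug bounty – bypassing restrictions to hijack a Skype account; PHPCMS V9.6.1 arbitrary file read vulnerability analysis (PoC included, patch available)
News:
Do not casually click the Google Docs link in the email you just received, to guard against phishing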
http://thehackernews.com/2017/05/google-docs-phishing-email.html
Technical:
WordPress Core <= 4.7.4 password reset vulnerability affecting all versions (0day)
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
WordPress <4.7.1 remote code execution vulnerability (not a plugin, no authentication required, PoC and demo video included)
https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
Pwning PHP mail() function For Fun And RCE
https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html
Why is the mail function dangerous in PHP?
https://www.ripstech.com/blog/2017/why-mail-is-dangerous-in-php/
bug bounty – bypassing restrictions to hijack a Skype account
http://blog.csdn.net/u011721501/article/details/71107858
Mirai, BrickerBot and Hajime attack a common IoT device
https://securingtomorrow.mcafee.com/mcafee-labs/mirai-brickerbot-hajime-attack-common-iot-weakness
Reverse Engineering of Xbox Security Method 3
http://oct0xor.github.io/2017/05/03/xsm3/
Analysis of the KONNI malware
http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
CVE-2017-0563: Google Nexus 9 Cypress sensor firmware can be injected via the I2C bus
https://alephsecurity.com/vulns/aleph-2017009
Bypassing UAC via Task Scheduler
https://pentestlab.blog/2017/05/03/uac-bypass-task-scheduler/
GDB plugin pwndbg
https://github.com/pwndbg/pwndbg
PHPCMS V9.6.1 arbitrary file read vulnerability analysis (PoC included, patch available)
http://bobao.360.cn/learning/detail/3805.html
Fastjson Unserialize Vulnerability Write Up
https://ricterz.me/posts/Fastjson%20Unserialize%20Vulnerability%20Write%20Up
Slides (PPT) of the BFH2017 vulnerability analysis and exploitation training course