Suanve - Blog
https://susec.me/icon.png
2022-06-23T01:48:01.897Z
https://susec.me/
Suanve
Hexo
时空智友企业信息管理 V11.0 文件上传漏洞
https://susec.me/2022/06/23/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8B%E4%BC%81%E4%B8%9A%E4%BF%A1%E6%81%AF%E7%AE%A1%E7%90%86-V11-0-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E/
2022-06-23T01:44:26.000Z
2022-06-23T01:48:01.897Z
Here's something encrypted, password is required to continue reading.
一次php代码审计(复习)
https://susec.me/2022/06/22/%E4%B8%80%E6%AC%A1php%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1-%E5%A4%8D%E4%B9%A0/
2022-06-22T09:06:35.000Z
2022-06-22T09:09:50.118Z
<h3 id="0x0-背景"><a href="#0x0-背景" class="headerlink" title="0x0 背景"></a>0x0 背景</h3><p>源于ciscn2022华东北赛区的一道题<code>ezphp</code></p>
舆情分析系统RCE
https://susec.me/2022/06/22/%E8%88%86%E6%83%85%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9FRCE/
2022-06-22T08:26:39.000Z
2022-06-22T08:28:08.455Z
Here's something encrypted, password is required to continue reading.
泛微9.5后台SQL注入
https://susec.me/2022/06/22/%E6%B3%9B%E5%BE%AE9-5%E5%90%8E%E5%8F%B0SQL%E6%B3%A8%E5%85%A5/
2022-06-22T08:24:15.000Z
2022-06-23T01:47:48.414Z
Here's something encrypted, password is required to continue reading.
帆软v10后台getshell
https://susec.me/2022/06/22/%E5%B8%86%E8%BD%AFv10%E5%90%8E%E5%8F%B0getshell/
2022-06-22T08:20:58.000Z
2022-06-23T01:47:46.312Z
Here's something encrypted, password is required to continue reading.
禅道后台rce_getshell思路(需配合adminer)
https://susec.me/2022/06/22/%E7%A6%85%E9%81%93%E5%90%8E%E5%8F%B0rce-getshell%E6%80%9D%E8%B7%AF-%E9%9C%80%E9%85%8D%E5%90%88adminer/
2022-06-22T08:11:24.000Z
2022-06-23T01:47:58.101Z
Here's something encrypted, password is required to continue reading.
PDO-dsn_from_uri-phar反序列化
https://susec.me/2022/05/09/PDO-dsn_from_uri-phar%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/
2022-05-09T03:41:28.000Z
2022-05-09T04:10:17.827Z
<h3 id="0x0-前言"><a href="#0x0-前言" class="headerlink" title="0x0 前言"></a>0x0 前言</h3><p>X月受邀给某春秋出题,因为没有这么多时间去研究点好玩的新技术,就随便把之前发现的phar利用点给出成了题。</p>
*CTF2022-web-writeup
https://susec.me/2022/04/18/*CTF202-lotto-writeup/
2022-04-18T02:09:05.000Z
2022-04-18T02:42:56.991Z
<p>周末看了*ctf2022的题目 web依旧没活硬整 总体打个3🌟吧<br>这里写一个我觉得还蛮有意思的<code>oh-my-lotto</code>题<br>其他题解请移步EDI安全公众号</p>
dash分析-0x0环境搭建
https://susec.me/2022/03/21/dash%E5%88%86%E6%9E%90-0x0%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/
2022-03-21T02:32:18.000Z
2022-03-21T02:34:16.100Z
<h3 id="0x0前言"><a href="#0x0前言" class="headerlink" title="0x0前言"></a>0x0前言</h3><p>虎符比赛遇到了一题极其类似p神做过的题,只是底层操作系统是Debian,无法使用p神的思路解决。</p>
<p>本着遇到了就调一调的精神 尝试了一下调试 验证p神的操作 也试着“完成p神未完成之路”</p>
<p>调试所需环境:</p>
<ol>
<li><p>Macos</p>
</li>
<li><p>CLion</p>
</li>
<li><p>Vscode</p>
</li>
</ol>
phpok6.0-前台反序列化漏洞getshell
https://susec.me/2022/03/13/phpok6-0-%E5%89%8D%E5%8F%B0%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9Egetshell/
2022-03-13T06:09:40.000Z
2022-03-13T06:11:44.286Z
<h3 id="0x0-前言"><a href="#0x0-前言" class="headerlink" title="0x0 前言"></a>0x0 前言</h3><p>这两天来杭州打西湖论剑了,一个低版本的phpok一个高版本的phpok</p>
<p>低版本nday通了 高版本一直没审计出来</p>
<p>今天上午在安恒大厦听了讲解 </p>
<p>主办方说不公开了 但是有人做出来了 互联网上很快就会有题解了。</p>
<p>看到了poc大概的样子 回合肥路上调了一下</p>
SUSCTF2022-web-writeup
https://susec.me/2022/03/01/SUSCTF2022-web-writeup/
2022-03-01T02:02:28.000Z
2022-03-01T02:30:36.586Z
<p>Auth: EDISEC Team<br>本场比赛可谓是”非预期的非预期次方”</p>
pboot cms V3.1.2 "虚假的无文件落地RCE"
https://susec.me/2021/11/22/pboot-cms-V3-1-2-%E8%99%9A%E5%81%87%E7%9A%84%E6%97%A0%E6%96%87%E4%BB%B6%E8%90%BD%E5%9C%B0RCE/
2021-11-22T03:49:14.000Z
2022-03-01T02:24:05.497Z
<p> Auth: EDI安全/suanve</p>
<h3 id="0-前言"><a href="#0-前言" class="headerlink" title="0 前言"></a>0 前言</h3><p>上次电脑送修我就买了个mini 一直用macmini 结果 本子修好以后拿回来也忘了看</p>
<p>苹果售后把我系统分区重装了 导致没有php环境 brew在macos 12上也不能正常工作 </p>
<p>这就直接导致西湖比赛的时候我vardump调试也没调出个所以然(还被大佬喷 (确实 挺简单的一个漏洞</p>
<p>今天回XX以后 调试了一下</p>
<p><img src="https://github.com/suanve/files/blob/main/image-20211121212638508.png?raw=true" alt="image-20211121212638508"></p>