Sabitlenmiş Tweet
昨天文章发出后访问量太大,导致阿里云oss不断告警欠费,因此干脆关了博客,文章开源至github:github.com/W01fh4cker/Lea…
中文
W01fh4cker
351 posts
W01fh4cker retweetledi
[2]After our failed competition, we headed to Apple Store and bought the mbp m5 and spent less than half an hour to set it up and found a fixed offset is changed 1 bit on it, so we just change 1 bit on our exp and it worked with a 100% success rate. Yes just 1 bit change, 1 to 2.
TrendAI Zero Day Initiative@thezdi
Unfortunately, Tao Yan & Edouard Bochin of Palo Alto Networks could not get their exploit of Apple Safari – Renderer Only working within the time allotted. #Pwn2Own #P2OBerlin
English
W01fh4cker retweetledi
@bestswngs @Y4tacker 尝试用evil-opencode+gpt5.2分析coldfusion,把diff丢给它让它写poc,直接拒绝了🌚有没有好的解决办法哇
中文
看到 @Y4tacker 用他的Agent 复现了一下 CVE-2025-67303
我也尝试用了一下 github.com/WinMin/evil-op… 进行了简单复现,从环境搭建到漏洞分析和 PoC 编写全由 evil-opencode 和GLM4.7 完成, 中间人为接管了一次。
去除了LLM guarded (opencode 内置了防火墙提示词: raw.githubusercontent.com/sst/opencode/r…
中文
@SimoKohonen Your computer allows authorized users to execute commands.👏
English
W01fh4cker retweetledi
My research regarding .NET Framework HTTP client proxies and WSDL imports just dropped.
Long story short: those proxies can be forced to write HTTP body to the local files, instead of sending them over HTTP. Leads to shells 😅
watchTowr@watchtowrcyber
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions. Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances. labs.watchtowr.com/soapwn-pwning-…
English
终于看到了一个非AI生成CVE-2025-55182的PoC,感兴趣的大家可以去试试🧐
Github地址:github.com/msanft/CVE-202…
真实场景下,利用应该是不带回显的,带命令执行结果的应该都是AI生成的测试😂
Moritz Sanft@stdoutput
Full RCE PoC is now live @ github.com/msanft/CVE-202… Credit goes to @maple3142. Great job! Brilliant idea for the root reference. Felt like a CTF challenge indeed. Writing the full breakdown now.
中文
W01fh4cker retweetledi
My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc @FearsOff
English
W01fh4cker retweetledi
This was hella fun, together with my colleague Jake (@inkmoro) we worked on this target, chaining pre-auth XXE(s) that allowed for limited file read to leak the plain-text admin password! After that, a post-auth command injection for RCE as NT SYSTEM (^_^)
watchTowr@watchtowrcyber
Back in December, we disclosed numerous vulnerabilities to SysAid (who struggle to use email, it seems..) - eventually building a full pre-auth RCE chain. Join us on yet another journey..... labs.watchtowr.com/sysowned-your-…
English
wait a minute
John Hammond@_JohnHammond
Some confusion I've seen on CVE-2025-30406, where seemingly "patched" hosts (upgraded to the latest version 16.4.10315.56368 or 16.4.10317.56372) are still exploited. The core of this vulnerability is the hardcoded machineKey values that lead to the typical ASP ViewState deserialization and remote code execution. At least at the time of this post, I've seen the official Gladinet release page offer these download options for both CentreStack and Triofox: 1. ✅ "Express Web Installer" that includes a GUI tool exe that DOES properly change the machineKey values. 2. ❌ "Package for Manual Upgrade" that is a ZIP archive with new files and instructions to copy the files and overwrite the installation directory. The files and instructions do NOT properly change the machineKey values, and leaves the server vulnerable. 3. ✅ "Standalone ISO Package" that include a GUI tool exe for a fresh install that DOES properly change the machineKey values If you "patched" via the 2nd link and manual upgrade, the server is likely still vulnerable. With that route, a host "upgraded to the latest version" can still be exploited. For what it's worth, our @HuntressLabs blog post from last week includes easy copy-paste PowerShell to test if the machineKeys are properly changed, and mitigate & change the machineKeys to speedrun a proper patch. 👀 huntress.com/blog/cve-2025-…
English
wh1t3p1g/tabby in .NET vulnerability?🤩
trustedsec.com/blog/discoveri…
English
@HLTVorg Sick kaze, sick Summer, sick somebody, sick ChildKing, sick L1haNg, lets fucking go! Send them home!
English
Rare Atom secure home Major berth in Shanghai hltv.org/news/40245/rar…
Română
🔥💀After 40 hours of constant reversing of weird looking c++ and no sleep, I Finally cooked the
CVE-2024-47575 fortimanager unauthenticated RCE 🩸
watchTowr@watchtowrcyber
we’re back, and despite all the buzz about FortiManager - the saga is about to continue. Please, remove this from the Internet *even if fully patched* speak soon.
English