404 English Paper

Author：Knownsec 404 Team Chinese Version: https://paper.seebug.org/346/ 1. Background Apache ActiveMQ is an open source Message-oriented middleware written in Java. Eclipse Jetty is a Java HT...

Author：w7ay@Knownsec 404 Team Time: November 20, 2019 Chinese version: https://paper.seebug.org/1078/ QL is an object-oriented query language used to retrieve data from relational database...

Author：Longofo@Knownsec 404 Team Time: October 16, 2019 This vulnerability is similar to several XXE vulnerabilities submitted by @Matthias Kaiser before, and EJBTaglibDescriptor should be the ...

Author：LoRexxar'@Knownsec 404 Team Chinese version: https://paper.seebug.org/1063/ In Real World CTF 2019 Quals, Andrew Danau, a security researcher, found that when the %0a symbol was sent to t...

Author：mengchen@Knownsec 404 Team Chinese version: https://paper.seebug.org/1048/ 1. Introduction I recently studied BlackHat's topic, and one of the topics - "HTTP Desync Attacks: Smashing into...

Author：Longofo@Knownsec 404 Team Time: September 4, 2019 Chinese version: https://paper.seebug.org/1034/ Origin I first learned about this tool through @Badcode, which was putted forward in an t...

Author：SungLin @ Knownsec 404 Team Date：2019/09/18 Chinese Version: https://paper.seebug.org/1035/ 0x00 Channel Creation, Connection and Release The channel's data packet is defined in the MCS Conn...

Author: Hcamael@Knownsec 404 Team Chinese Version: https://paper.seebug.org/479/ After I posted my last paper Exim UAF Vulnerability Analysis, I got some inspiration from @orange an...

Author: Badcode@Knownsec 404 Team Date: 2019/08/29 Chinese Version: https://paper.seebug.org/1025/ 1 Foreword In the afternoon @fnmsd sent me a Confluence warning. I studied this p...