Intro The exploitation of this RCE consists of two parts, one being the lack of authentication validation to h5-vsan endpoint, and another being the unsafe reflection usage in Java which then caused a JNDI injection. I was not smart enough to come up with the JDNI attack chain, but certainly learned a lot while attempting … Continue reading Learning JNDI Injection From CVE-2021-21985
About this post Maybe it’s just a coincidence, but I have been noticing a lot of SQLite Injections lately. From last year’s Pico Mini Competition, to the recent concluded Pico 2021 and Angstrom CTF, they all have some degrees of SQLite filter bypassing problems in the event. I want to take the chance and talk … Continue reading Some SQLite Injection
Follow My Blog
Get new content delivered directly to your inbox.