!

斗象未来之星就是我了

Learning JNDI Injection From CVE-2021-21985

Intro The exploitation of this RCE consists of two parts, one being the lack of authentication validation to h5-vsan endpoint, and another being the unsafe reflection usage in Java which then caused a JNDI injection. I was not smart enough to come up with the JDNI attack chain, but certainly learned a lot while attempting … Continue reading Learning JNDI Injection From CVE-2021-21985

by brandonshi123 June 4, 2021

Some SQLite Injection

About this post Maybe it’s just a coincidence, but I have been noticing a lot of SQLite Injections lately. From last year’s Pico Mini Competition, to the recent concluded Pico 2021 and Angstrom CTF, they all have some degrees of SQLite filter bypassing problems in the event. I want to take the chance and talk … Continue reading Some SQLite Injection

by brandonshi123 April 10, 2021

Follow My Blog

Get new content delivered directly to your inbox.