Starbucks: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice

@geek_jeremy, at the same time as other hackers who submitted their own reports, discovered a browsable WSDL service on an API endpoint under the starbucks.com.cn domain, running on a non-standard por ...

Continue Reading
ReadyAPI 2.5.0 2.6.0 – Remote Code Execution

ReadyAPI 2.5.0 2.6.0 - Remote Code ExecutionRead More ...

Continue Reading
ReadyAPI 2.5.0 / 2.6.0 Remote Code Execution

Post ContentRead More ...

Continue Reading
ReadyAPI 2.5.0 / 2.6.0 – Remote Code Execution Exploit

Exploit for multiple platform in category web applicationsRead More ...

Continue Reading
ReadyAPI 2.5.0 / 2.6.0 – Remote Code Execution

Post ContentRead More ...

Continue Reading
CVE-2018-20580

The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.Read More ...

Continue Reading
??????HTTP?.NET Remoting finding and using deserialization vulnerability-vulnerability warning-the black bar safety net

One, overview In the NCC Group and most recent safety assessment, ??????.NET v2. 0 app, ???????.NET Remoting by HTTP to send the SOAP request to the other server to communicate. In the application of ...

Continue Reading
MTN Group: SharePoint exposed web services in a subdomain

Hi there I found a subdomain that is sharepoint configuration is poorly implemented Because of improper configuration an anonymous user can access to the SharePoint Web Services. POC: Go to the follow ...

Continue Reading

Back to Main

Subscribe for the latest news: