Jumpserver -(CVE-2023-42820)
Jumpserver随机数种子泄露导致账户劫持漏洞(CVE-2023-42820) 靶场环境: vulhub 在其3.6.4及以下版本中,存在一处账户接管漏洞。攻击者通过第三方库django-simple-captcha泄露的随机数种子推算出找回密码时的用户Token,最终修改用户密码。 复现 点击
Kubernetes Goat 16 - RBAC least privileges misconfiguration
categories: [] date: '2023-10-31T15:05:46.254047+08:00' tags: [] title: Kubernetes Goat 16 - RBAC least privileges misconfiguration updated: 2023-10-3
Kubernetes Goat 17 & 18 & 19 & 20
categories: [] date: '2023-10-31T15:11:52.381454+08:00' tags: [] title: Kubernetes Goat 17 & 18 & 19 & 20 updated: 2023-10-31T15:11:52.74+8:0 KubeAudi
Kubernetes Goat 08 & 09 & 10
categories: [] date: '2023-10-30T15:05:01.546413+08:00' tags: [] title: Kubernetes Goat 08 & 09 & 10 updated: 2023-10-30T15:26:37.653+8:0 08:NodePort
Kubernetes Goat 15 - Hidden in layers
categories: [] date: '2023-10-30T17:27:18.805137+08:00' tags: [] title: Kubernetes Goat 15 - Hidden in layers updated: 2023-10-30T17:27:18.416+8:0 Hid
Kubernetes Goat 11 -
categories: [] date: '2023-10-30T15:46:04.128311+08:00' tags: [] title: Kubernetes Goat 11 - Kubernetes namespaces bypass updated: 2023-10-30T15:57:22
Kubernetes Goat 12 & 13 & 14
categories: [] date: '2023-10-30T16:10:18.450067+08:00' tags: [] title: Kubernetes Goat 12 & 13 & 14 updated: 2023-10-30T16:10:18.114+8:0 12: Gaining
Kubernetes Goat 03 - SSRF in the Kubernetes (K8S) world
categories: [] date: '2023-10-28T14:27:50.621257+08:00' tags: [] title: Kubernetes Goat 03 - SSRF in the Kubernetes (K8S) world updated: 2023-10-28T14
Kubernetes Goat 04 - Container escape to the host system
categories: [] date: '2023-10-28T15:15:52.766760+08:00' tags: [] title: Kubernetes Goat 04 - Container escape to the host system updated: 2023-10-28T1