A record of some security vulnerability analysis articles and papers I have read.
- Smashing the state machine: the true potential of web race conditions
- PHP FILTER CHAINS: FILE READ FROM ERROR-BASED ORACLE
- SMTP Smuggling - Spoofing E-Mails Worldwide
- Exploiting HTTP Parsers Inconsistencies
- Three New Attacks Against JSON Web Tokens
- HTTP Request Splitting vulnerabilities exploitation
- More Haste, Less Speed: Cache Related Security Threats in Continuous Integration Services
- Devfile file write vulnerability in GitLab
- An Exploration of JSON Interoperability Vulnerabilities
- CVE-2024-32002 Git Remote Code Execution Vulnerability Analysis
- Modern WAF Bypass Techniques on Large Attack Surfaces
- h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
- Smudged Fingerprints: Characterizing and Improving the Performance of Web Application Fingerprinting
- MongoDB NoSQL Injection with Aggregation Pipelines
- eBPF’s Abilities and Limitations: The Truth
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities
- Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS
- TrustSketch: Trustworthy Sketch-based Telemetry on Cloud Hosts
- Untangle: Multi-Layer Web Server Fingerprinting
- Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences
- SoK: State of the Krawlers – Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements