【2019/9/26】Road to Researcher in Security 3


Last Time
www.nicksecuritylog.com

Blog

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

blog.sucuri.net


Oh, PHP template injection RCE.
I want to verify it someday.
Today?
Tomorrow?


Bug fixed

Jenkins Security Advisory 2019-09-25

jenkins.io


Jenkins had many, many XSS.
I recognized that XSS is a major vulnerability.


Many, many, many WordPress CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9442

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9443

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9444

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9445

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9446

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9447

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9448

Yeah yeah!? Where did it come from!?


How is the name of CVE decided?

Tool

Server-Side Request Forgery (SSRF) vulnerable Lab

github.com


Just right!
I wanted to verify SSRF.


Japan

MOTEX CylancePROTECT

prtimes.jp


How do you use it personally?


Think engineer and programmer type

otihateten.hatenablog.com


Which is my engineer type?
Uh... love technology?