Tag

Vulnerability Exploitation


Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE‑2024‑34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Host header · SSRF
0 likes · 11 min read
IT Services Circle
Jul 25, 2023 · Information Security

Exploiting XSS Vulnerabilities and Same‑Origin Policy to Upgrade Risk Levels

This article explains how to combine reflected and stored cross‑site scripting attacks with same‑origin policy abuse to turn a low‑severity XSS vulnerability into a high‑severity issue, detailing discovery, exploitation steps, and a JavaScript payload that harvests user data.

Cross-Site Scripting · JavaScript · Same-Origin Policy
0 likes · 8 min read
Tencent Cloud Developer
Mar 10, 2017 · Information Security

Automated Exploitation of Common Vulnerabilities: MongoDB Ransomware, Struts2, Redis, and ElasticSearch Cases

The article shows how attackers automate mass exploitation of widely‑known flaws—scanning the Internet for open MongoDB, Redis, ElasticSearch or Struts2 services, using unauthenticated access or public PoCs to encrypt data, execute code, or build botnets, and stresses that timely patching and secure defaults are essential to stop such N‑day attacks.

Elasticsearch · MongoDB · Redis
0 likes · 11 min read