Breaking out of Safe Mode: SharePoint Edition
- Access to sensitive server resources
CVE-2020-0974: https://mp.weixin.qq.com/s/FfHc8TFUs_4H8JHWbYv3FQ
- https://www.mdsec.co.uk/2020/03/a-security-review-of-sharepoint-site-pages/ (sharepoint)
- https://speakerdeck.com/pwntester/dot-net-serialization-detecting-and-defending-vulnerable-endpoints (.NET deserialization)
- https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf (XML deserialization)
- https://github.com/pwntester/ysoserial.net (yso.net)
- https://i.blackhat.com/USA-20/Wednesday/us-20-Munoz-Room-For-Escape-Scribbling-Outside-The-Lines-Of-Template-Security-wp.pdf (the first 25 pages cover C# template SSTI)
- https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf (json-attack)