In-Depth Analysis of HTTP Request Smuggling (HRS) Vulnerability Exploitation

1. Basics of Protocol Desynchronization (desync): Architectural Prerequisites for HRS HTTP Request Smuggling (HRS) is a protocol-level attack technique that primarily disrupts the way websites process sequences of consecutive HTTP requests. 1This vulnerability is characterized by “protocol desynchronization” rather than application logic errors, leading to potentially catastrophic consequences, such as bypassing security controls, unauthorized access … Read more

Analysis of Path Resolution Differences Between Windows and Linux Under CVE-2024-38816

Analysis of Path Resolution Differences Between Windows and Linux Under CVE-2024-38816

Introduction The payloads for the path traversal CVE-2024-38816 are primarily debugged and analyzed on the Windows platform. However, when it comes to the Linux platform, there are some differences in path handling that can lead to traversal failures. Vulnerability Location It is primarily located under the routing configuration of the website. WebConfig.class // Source code … Read more

Analysis of CVE-2020-12351: Linux Bluetooth Module DoS Vulnerability

Analysis of CVE-2020-12351: Linux Bluetooth Module DoS Vulnerability

This article is a featured article from the Kanxue Forum. Author of the Kanxue ForumID: Jimu Chutianshu 1. Vulnerability Information 1. Vulnerability Overview CVE-2020-12351 is a Bluetooth security vulnerability found by Google security researchers in the Linux kernel. The vulnerability is located in net/bluetooth/l2cap_core.c and is a heap-based type confusion vulnerability. An attacker can trigger … Read more

Analysis of Huawei HG532 Router Command Injection Vulnerability (CVE-2017-17215)

Analysis of Huawei HG532 Router Command Injection Vulnerability (CVE-2017-17215)

This article is a highlight from the Kanxue forum. Kanxue Forum Author ID: hlhow This is the author’s first analysis of an IoT device command injection vulnerability, with an architecture based on MIPS (as far as router devices are concerned, only Tenda and Netgear use ARM architecture). There are already several reproduction articles online, but … Read more

Comprehensive Guide to Kali Linux Penetration Testing: From OWASP Top 10 to Enterprise-Level Red Team Practices

Comprehensive Guide to Kali Linux Penetration Testing: From OWASP Top 10 to Enterprise-Level Red Team Practices

1. Core Value and System Features of Kali Linux Penetration Testing Kali Linux, as the benchmark operating system in the field of penetration testing, demonstrates its core value in three aspects: tool integration, coverage of testing scenarios, and legal compliance. The system comes pre-installed with over 600 specialized tools, covering 12 categories including information gathering, … Read more

CVE-2025-0566 Stack Overflow Vulnerability Reproduction on A15-MIPS Architecture

CVE-2025-0566 Stack Overflow Vulnerability Reproduction on A15-MIPS Architecture

Vulnerability Overview The wechatLoginHelper.do interface of Landray OA has an SQL injection vulnerability, allowing attackers to exploit the SQL injection to obtain information from the database (such as administrator backend passwords and user personal information). In high privilege situations, attackers can even write a trojan to the server, further gaining system permissions. Asset Mapping Search … Read more

Setting Up a Simulation Environment for IoT Vulnerability Analysis

Setting Up a Simulation Environment for IoT Vulnerability Analysis

AuthorForum Account: A-newFirst of all, I declare that I am just starting to play with IoT, learning about router firmware simulation and vulnerability reproduction. I am a beginner, mainly recording the pitfalls I have encountered. Configuring the dependency environment for running simulated firmware There are also one-click tools like FirmAE, firmware-analysis-toolkit, and firmware-analysis-plus that can … Read more

Pwndbg: A GDB Plugin Designed for Vulnerability Analysis

Pwndbg: A GDB Plugin Designed for Vulnerability Analysis

About Pwndbg Pwndbg is a GDB plugin specifically designed for security vulnerability analysis. This tool greatly simplifies the difficulty researchers face when using GDB for vulnerability analysis and debugging. It primarily focuses on the functionalities required by software developers, hardware hackers, reverse engineers, and vulnerability analysts. The original GDB is not suitable for reverse engineering … Read more

Pwndbg: A GDB Plugin Designed for Security Vulnerability Analysis

Pwndbg: A GDB Plugin Designed for Security Vulnerability Analysis

About Pwndbg Pwndbg is a GDB plugin specifically designed for security vulnerability analysis. This tool significantly simplifies the difficulty researchers face when using GDB for vulnerability analysis and debugging. It mainly focuses on the features required by software developers, hardware hackers, reverse engineers, and vulnerability analysts. The original GDB is not suitable for reverse engineering … Read more

Analysis of Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898)

Analysis of Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898)

CVE Number CVE-2020-16898 Vendor Microsoft/Windows Vulnerability Description Windows 10 version 1709 and above are affected by this vulnerability The vulnerability is caused by improper structure settings during the processing of the ICMPv6 protocol, leading to a stack overflow Vulnerability Impact Attackers can exploit this vulnerability to gain the highest system privileges R3(System) and kernel privileges … Read more