Outer Web | Explore

Explore >> Select a destination

You are here		www.thezdi.com Zero Day Initiative - From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell!
\|	\|	code-white.com CODE WHITE \| Red Teaming & Attack Surface Management	11.9 parsecs away Travel
\|	\|	Although already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web applications, both on-premises and on Azure. In this blog post, we will elaborate on an hidden attack surface in ASP.NET web applications that might unknowingly leak internal object URIs, which can be used to perform .NET Remoting attacks via HTTP, possibly allowing unauthenticated remote code execution.	11.9 parsecs away Travel
\|	\|	y4y.space My Steps of Reproducing ProxyShell - !	7.9 parsecs away Travel
\|	\|	?????TCC??????????????????????????? Preface A few days ago, Orange dropped another two Microsoft Exchange attack chains on his BlackHat presentation. The two new attacks are ProxyOrcale, which focuses on the Padding Orcale Attack, and ProxyShell, which exploits a Path Confusion vulnerability to achieve arbitrary file write and eventually code execution. This blog assumes readers have read Orange's...	7.9 parsecs away Travel
\|	\|	www.zerodayinitiative.com Policy \| Zero Day Initiative	12.5 parsecs away Travel
\|	\|		12.5 parsecs away Travel
\|	\|	claroty.com New Critical Vulnerabilities in Unitronics Unistream Devices Uncovered \| Claroty	76.0 parsecs away Travel
\|		Team82 uncovered eight vulnerabilities that not only bypassed the authentication and authorization features in Unitronics UniStream PLCs, but also were able to chain to gain remote code execution on the device.	76.0 parsecs away Travel