Cool-Y.github.io/content.json

{"meta":{"title":"混元霹雳手","subtitle":null,"description":"没人比我更懂中医#MAGA","author":"Cool-Y","url":"https://cool-y.github.io","root":"/"},"pages":[{"title":"","date":"2019-04-15T07:35:38.084Z","updated":"2019-04-15T07:35:38.084Z","comments":true,"path":"baidu_verify_4WtqA1rZRc.html","permalink":"https://cool-y.github.io/baidu_verify_4WtqA1rZRc.html","excerpt":"","text":"4WtqA1rZRc"},{"title":"","date":"2019-04-15T07:35:38.085Z","updated":"2019-04-15T07:35:38.085Z","comments":true,"path":"googleacf4df440b4becc4.html","permalink":"https://cool-y.github.io/googleacf4df440b4becc4.html","excerpt":"","text":"google-site-verification: googleacf4df440b4becc4.html"},{"title":"关于我","date":"2019-03-17T10:55:11.000Z","updated":"2019-04-15T07:35:38.083Z","comments":false,"path":"about/index.html","permalink":"https://cool-y.github.io/about/index.html","excerpt":"","text":"一只想成为hacker的菜鸡的随笔自称混元霹雳手本科毕业于成都七中附属大学，EE专业现于街道口樱花大学攻读IS硕士偶尔分享踩过的坑以及一些乱七八糟的想法欢迎交流~"},{"title":"","date":"2019-03-28T05:39:07.000Z","updated":"2019-07-01T12:29:27.676Z","comments":false,"path":"bookmarks/index.html","permalink":"https://cool-y.github.io/bookmarks/index.html","excerpt":"","text":"将常用的一些网站汇总在此，便于浏览和查询 安全博客 360核心安全技术博客 &nbsp;phrake &nbsp; Sec-WIKI &nbsp; 绿盟科技 论坛 看雪 &nbsp;Paper&nbsp; XDA&nbsp; FreeBuf&nbsp; 安全客&nbsp; 吾爱破解&nbsp; 吾爱漏洞&nbsp; 漏洞银行exploit-db CTF CTF领域指南&nbsp; pwnhub&nbsp; 乌云知识库&nbsp; ctf维基&nbsp; pwn台湾&nbsp; pwn韩国 技能学习 思否 iot 智能家居百科&nbsp; HomeAssistant&nbsp; HomeBridge 编程 codeforces&nbsp; leetcode 工具 mitmproxy&nbsp; msfvenom&nbsp; shellphish&nbsp; KALItools&nbsp;valgrind-内存泄露扫描利器 资源下载 Emoji表情&nbsp; Apk镜像 服务提供 云图片存储&nbsp; shodan"},{"title":"文章分类","date":"2019-03-16T09:42:42.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"categories/index.html","permalink":"https://cool-y.github.io/categories/index.html","excerpt":"","text":""},{"title":"","date":"2019-08-08T12:35:31.000Z","updated":"2019-08-08T12:45:11.098Z","comments":false,"path":"hack之外/index.html","permalink":"https://cool-y.github.io/hack之外/index.html","excerpt":"","text":""},{"title":"文章标签","date":"2019-03-16T09:37:34.000Z","updated":"2019-04-15T07:35:38.085Z","comments":false,"path":"tags/index.html","permalink":"https://cool-y.github.io/tags/index.html","excerpt":"","text":""}],"posts":[{"title":"Netgear_栈溢出漏洞_PSV-2020-0211","slug":"Netgear-psv-2020-0211","date":"2021-01-08T05:26:26.000Z","updated":"2021-01-08T05:45:50.553Z","comments":true,"path":"2021/01/08/Netgear-psv-2020-0211/","link":"","permalink":"https://cool-y.github.io/2021/01/08/Netgear-psv-2020-0211/","excerpt":"","text":"固件模拟与UPnP栈溢出利用https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211 https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r8300-upnpd-preauth-rce/https://paper.seebug.org/1311/#1https://www.anquanke.com/post/id/217606 0x00 漏洞概要 漏洞编号： PSV-2020-0211 披露时间： 2020 -07-31 — Netgear 官方发布安全公告 2020-08-18 – 漏洞公开披露 影响厂商： Netgear 漏洞类型： 栈溢出漏洞 漏洞评分（CVSS）： 9.6, (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 利用条件： 该漏洞只需攻击者能够通过网络访问被攻击路由器的UPnP服务，无需身份验证。 漏洞成因： 该漏洞位于路由器的 UPnP 服务中， 由于解析 SSDP 协议数据包的代码存在缺陷，导致未经授权的远程攻击者可以发送特制的数据包使得栈上的 buffer 溢出，进一步控制 PC 执行任意代码。 0x01 威胁范围 影响范围： R8300 running firmware versions prior to 1.0.2.134 ZoomEye查询结果： Netgear R8300共有579台<39>