Aggregator

``0解鸿蒙逆向题`` 对于一个没有系统接触过鸿蒙逆向的小白，在线下比赛中做出来确实比较困难，这篇文章从鸿蒙小白的角度 探讨 鸿蒙hap包逆向的完整流程及重点难点 随着HarmonyOS NEXT在2024年底正式商用，纯鸿蒙应用的数量在过去一年多迅速增长，安全研究领域对鸿蒙逆向的需求也随之而来。与Android生态成熟的逆向工具链相比，鸿蒙逆向目前仍处于早期阶段，公开的分析资

Submit #836746 / VDB-366175

A vulnerability described as problematic has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. This vulnerability is known as CVE-2026-11534. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #836744 / VDB-366174

A vulnerability marked as critical has been reported in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. This vulnerability is traded as CVE-2026-11533. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as critical has been found in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. This vulnerability appears as CVE-2026-11532. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. This vulnerability is reported as CVE-2026-11531. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as critical has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. This vulnerability is documented as CVE-2026-11530. The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Submit #836743 / VDB-366173

Submit #836639 / VDB-369151

Submit #836636 / VDB-369150

Submit #836634 / VDB-369149

Submit #836633 / VDB-369148

Submit #836629 / VDB-369147

A vulnerability was found in designcomputer mysql-mcp-server up to 0.2.2. It has been rated as critical. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. This vulnerability is registered as CVE-2026-11529. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-11528. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #836490 / VDB-369146

以 Node-tar 的 CVE-2026-24842 为例，分析 hardlink path traversal 是如何绕过提取目录边界的，以及在常见业务场景下，如何一步步演变成任意文件读取、文件覆盖，甚至进一步的代码执行风险

Submit #836474 / VDB-369145

决赛一共有3个题目有解， 一个misc，两个逆向 ，misc考的是流量分析，逆向考的是 安卓native逆向，和 exe逆向 这个题目全场12解，也是感受到了CTF 线上和线下的巨大差异，在AI时代，线上貌似谁都可以成为全栈，大家都很浮躁，静下心来学东西的人变少了，线下一脱离ai，就原型毕露了 (当然也包括我)，还是想要劝勉一下自己，希望自己不要浮躁，踏实求学