從 SQL 到 RCE: 利用 SessionState 反序列化攻擊 ASP.NET 網站應用程式 | DEVCORE 戴夫寇爾
Tags
| attack-pattern: | Data Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 1f519776-6e2e-42a5-a2b6-0673b5101e46 |
| Fingerprint | 20783f1dd5077706 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 21, 2020, midnight |
| Added to db | Aug. 31, 2024, 1:28 a.m. |
| Last updated | Nov. 19, 2024, 3:58 p.m. |
| Headline | BLOG |
| Title | 從 SQL 到 RCE: 利用 SessionState 反序列化攻擊 ASP.NET 網站應用程式 | DEVCORE 戴夫寇爾 |
| Detected Hints/Tags/Attributes | 18/1/13 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 102 | ✔ | DEVCORE 戴夫寇爾 | https://devco.re/rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 398 | asp.net |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 12 | reader.read |
|
| Details | Domain | 32 | ysoserial.net |
|
| Details | File | 1 | dbo.asp |
|
| Details | File | 70 | web.config |
|
| Details | File | 1 | aspnet_regsql.exe |
|
| Details | File | 1 | convert.db |
|
| Details | File | 1 | aspstate.db |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 13 | ysoserial.exe |
|
| Details | File | 2 | o.asp |
|
| Details | IPv4 | 1443 | 127.0.0.1 |