Article Preview
Tencent Security Xuanwu Lab Daily News
• 0824: Safe Notes: https://bugology.intigriti.io/intigriti-monthly-challenges/0824 ・ Introduces the Safe Notes problem from Intigriti's August challenge – SecTodayBot
• Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN: https://sudhanshur705.medium.com/bypassing-csp-via-url-parser-confusions-xss-on-netlifys-image-cdn-755a27065fd9 ・ Reports an XSS vulnerability found on Netlify's Image CDN and explains how the Content Security Policy was bypassed – SecTodayBot
• IIS welcome page to source code review to LFI!: https://medium.com/@omarahmed_13016/iis-welcome-page-to-source-code-review-to-lfi-23ec581049f5 ・ Describes the path from an IIS welcome page to source code review to LFI, which uncovered LFI and blind SSRF vulnerabilities in the open-source software eStreamChat. – SecTodayBot
• CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE: https://securityonline.info/cve-2024-42815-cvss-9-8-buffer-ove
………………………………