Xunlei client reported to contain multiple high-severity vulnerabilities
摸鱼的小A WIN哥学安全 2024-03-12 18:19
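A friend sent me an article titled "Numerous vulnerabilities in Xunlei Accelerator application", that is, "several vulnerabilities found in Xunlei's accelerator application".
I've put the link to the original article here:
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Out of the wariness of a true gossip-watching bystander, I did some digging into the website that published the article and into its author.
The article comes from https://palant.info/, which looks like a personal blog:
According to the About page, he's a big shot, but my VPN expired recently, so I can't look him up on LinkedIn to check whether this is an impersonation site (99.9% it isn't, and I can't be bothered to waste the effort):
Turns out this guy is the author of AdBlock, so never mind then.
The article mentions that the Xunlei client has multiple RCEs: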
The XML response was parsed using libexpat 2.1.0. With that version being released more than ten years ago, there are numerous known vulnerabilities, including a number of critical remote code execution vulnerabilities.
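Also, after Xunlei was notified, although they promised to get in touch once they had reproduced the issues, there was "never any reply" (classic):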
Just like most companies, they did not actually contact me again. I saw my proof of concept pages being accessed, so I assumed that the issues are being worked on and did not inquire further.
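However, this article does not go into the specific details of the vulnerabilities, so it is not really solid proof, though it is pretty much certain.
Once again, happy gossip-watching, everyone~ I'm off.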
Source: 重生之成为赛博女保安