Tag: Cybersecurity

Spring Could Config Server has a directory traversal vulnerability CVE-2020-5410. The vulnerability is due to the direct splicing of the obtained name and label in the MVC architecture without any filtering. It can be performed with the base address in the configuration file. Backtrack at any position and read the file.

The execution of malicious code on the target host can be divided into uploading/downloading and executing malicious code and fileless remote malicious code execution. Next, let's summarize some methods of downloading and executing malicious code in Linux and Windows.