inhann's blog
https://inhann.top/icon.png
Night gathers, and now my watch begins.
2026-02-25T15:17:04.008Z
https://inhann.top/
inhann
inhannsec@gmail.com
Hexo
Browser-use Agent based on Graph-Spec and JS-in-Jupyter Meta Tooling
https://inhann.top/2026/02/25/browser-agent/
2026-02-25T13:50:05.000Z
2026-02-25T15:17:04.008Z
<p><em>How I built a spec-driven browser automation agent by extending OpenCode with dynamic task graphs and stateful JavaScript
360 MCP 生态安全风险治理实践与思考
https://inhann.top/2025/05/28/360%20MCP%20%E7%94%9F%E6%80%81%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9%E6%B2%BB%E7%90%86%E5%AE%9E%E8%B7%B5%E4%B8%8E%E6%80%9D%E8%80%83/
2025-05-28T16:45:02.000Z
2026-02-25T15:17:04.006Z
<p><img src="/Pasted%20image%2020250529113310.png"></p>
<h1 id="一、背景概述"><a href="#一、背景概述" class="headerlink"
红队视角:Gitlab已知攻击面与潜在风险
https://inhann.top/2025/03/27/%E7%BA%A2%E9%98%9F%E8%A7%86%E8%A7%92%E7%9A%84gitlab%E5%B7%B2%E7%9F%A5%E6%94%BB%E5%87%BB%E9%9D%A2%E4%B8%8E%E6%BD%9C%E5%9C%A8%E9%A3%8E%E9%99%A9/
2025-03-27T06:48:33.000Z
2026-02-25T15:17:04.008Z
<h1 id="红队视角的Gitlab已知攻击面与潜在风险"><a href="#红队视角的Gitlab已知攻击面与潜在风险" class="headerlink"
指针分析与Java反序列化利用链挖掘实践(一)
https://inhann.top/2024/10/07/%E6%8C%87%E9%92%88%E5%88%86%E6%9E%90%E4%B8%8EJava%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8%E9%93%BE%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5%EF%BC%88%E4%B8%80%EF%BC%89/
2024-10-07T06:48:33.000Z
2026-02-25T15:17:04.008Z
<blockquote>
<p>本系列文章将以SAST引擎开发者的视角,讲述笔者如何在实际的漏洞挖掘场景下,利用指针分析等程序分析手段,实现半自动化的Java反序列化利用链挖掘方案。<br>本文是该系列文章的第一篇,主要讲述必要的概念、核心原理、核心思路和算法。</p>
</bl
CVE-2023-22518 Confluence 未授权恢复站点
https://inhann.top/2023/11/13/confluence-json-restore/
2023-11-13T06:45:02.000Z
2026-02-25T15:17:04.008Z
<blockquote>
<p>之后多写漏洞分析</p>
</blockquote>
<h1 id="0x00-概述"><a href="#0x00-概述" class="headerlink"
ejs RCE CVE-2022-29078 bypass
https://inhann.top/2023/03/26/ejs/
2023-03-26T06:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="ejs-RCE-CVE-2022-29078-bypass"><a href="#ejs-RCE-CVE-2022-29078-bypass" class="headerlink" title="ejs RCE CVE-2022-29078
Thinkphp多语言RCE
https://inhann.top/2022/12/12/thinkphp_lang/
2022-12-12T04:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="Thinkphp-多语言-RCE"><a href="#Thinkphp-多语言-RCE" class="headerlink" title="Thinkphp 多语言 RCE"></a>Thinkphp 多语言
原生反序列化链 jdk8u20 的新构造
https://inhann.top/2022/09/11/8u20/
2022-09-11T06:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="原生反序列化链-jdk8u20-的新构造"><a href="#原生反序列化链-jdk8u20-的新构造" class="headerlink" title="原生反序列化链 jdk8u20 的新构造"></a>原生反序列化链 jdk8u20
Linux jdk8 tomcat 使用 lib 的随机性
https://inhann.top/2022/06/28/tomcat_random_lib/
2022-06-28T10:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="Linux-jdk8-tomcat-使用-lib-的随机性"><a href="#Linux-jdk8-tomcat-使用-lib-的随机性" class="headerlink" title="Linux jdk8 tomcat 使用 lib
A new way to bypass __wakeup() and build POP chain
https://inhann.top/2022/05/17/bypass_wakeup/
2022-05-17T08:12:05.000Z
2026-02-25T15:17:04.008Z
<h1 id="A-new-way-to-bypass-wakeup-and-build-POP-chain"><a href="#A-new-way-to-bypass-wakeup-and-build-POP-chain" class="headerlink"
Shiro Padding Oracle Attack (shiro-721)
https://inhann.top/2022/04/29/shiro721/
2022-04-29T16:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="Shiro-Padding-Oracle-Attack-shiro-721"><a href="#Shiro-Padding-Oracle-Attack-shiro-721" class="headerlink" title="Shiro Padding
pwnhub 胖哈勃春季赛 web
https://inhann.top/2022/04/25/pwnhub_spring_2022/
2022-04-25T16:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="pwnhub-胖哈勃春季赛-web"><a href="#pwnhub-胖哈勃春季赛-web" class="headerlink" title="pwnhub 胖哈勃春季赛 web"></a>pwnhub 胖哈勃春季赛
hfctf2022 ezphp writeup
https://inhann.top/2022/03/26/hfctf2022_ezphp/
2022-03-26T11:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="hfctf2022-ezphp-writeup"><a href="#hfctf2022-ezphp-writeup" class="headerlink" title="hfctf2022 ezphp writeup"></a>hfctf2022 ezphp
Java Serialization Format
https://inhann.top/2022/03/15/java_serialization_format/
2022-03-15T08:12:05.000Z
2026-02-25T15:17:04.008Z
<h1 id="Java-Serialization-Format-mapping"><a href="#Java-Serialization-Format-mapping" class="headerlink" title="Java Serialization Format
HTTPS 学习
https://inhann.top/2022/01/29/https/
2022-01-29T12:45:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="HTTPS-学习"><a href="#HTTPS-学习" class="headerlink" title="HTTPS 学习"></a>HTTPS 学习</h1><h2 id="运行-https-server-:"><a
CVE-2021-41773 复现
https://inhann.top/2021/10/06/CVE-2021-41773/
2021-10-06T14:45:02.000Z
2026-02-25T15:17:04.008Z
<h2 id="CVE-2021-41773-复现"><a href="#CVE-2021-41773-复现" class="headerlink" title="CVE-2021-41773 复现"></a>CVE-2021-41773 复现</h2><h3
深入 FTP 攻击 php-fpm 绕过 disable_functions
https://inhann.top/2021/09/24/ftp_disable_functions/
2021-09-24T11:59:02.000Z
2026-02-25T15:17:04.008Z
<h1 id="深入-FTP-攻击-php-fpm-绕过-disable-functions"><a href="#深入-FTP-攻击-php-fpm-绕过-disable-functions" class="headerlink" title="深入 FTP 攻击
redis 主从复制 RCE
https://inhann.top/2021/09/13/redis_master_slave_rce/
2021-09-13T16:45:02.000Z
2026-02-25T15:17:04.008Z
<p>[toc]</p>
<h1 id="redis-主从复制-RCE"><a href="#redis-主从复制-RCE" class="headerlink" title="redis 主从复制 RCE"></a>redis 主从复制 RCE</h1><h2
nodejs session-file-store session 伪造
https://inhann.top/2021/08/15/session-forge-express-nodejs/
2021-08-15T12:45:02.000Z
2026-02-25T15:17:04.008Z
<p>[toc]</p>
<h2 id="express-session-生成-Cookie"><a href="#express-session-生成-Cookie" class="headerlink" title="express-session 生成
web复现之buu二号弹
https://inhann.top/2021/04/20/buu_web_2/
2021-04-20T05:34:05.000Z
2026-02-25T15:17:04.008Z
<p>[toc]</p>
<blockquote>
<p>菜鸡又在buu上刷了点题,这里记录一下30道web的解题思路。。。。。。</p>
</blockquote>
<h2 id="0x01-BJDCTF-2nd-xss之光"><a