https://hackerpoet.com/tags/%E5%AE%89%E5%85%A8%E7%A0%94%E7%A9%B6/Recent content in 安全研究 on T4rn's blogHugozh-cnTue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/dataease-2.1.12-bypass/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/dataease-2.1.12-bypass/分析 Dataease 2.1.12 版本中 H2 类型未过滤导致的 JDBC RCE 绕过https://hackerpoet.com/posts/pyjail-challenge/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/pyjail-challenge/Python2/3 沙盒逃逸分析，利用 Unicode NFKC 标准化绕过字母黑名单https://hackerpoet.com/posts/express-engine-trick/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/express-engine-trick/分析 Express render 流程中引擎加载的一个有趣点，记录一种可用于 CTF 的利用思路