๐ฅGeoServer SQL Injection Vulnerability Analysis (CVE-2023-25157)
SQL Injection Vulnerabilities have been found with:
๐พ
๐พ
๐พ
๐พ
๐พ
๐พ
๐CVE-2023-25157 - GeoServer SQL Injection - PoC
Usage:
SQL Injection Vulnerabilities have been found with:
๐พ
PropertyIsLike filter, when used with a String field and any database DataStore, or with a PostGIS DataStore with encode functions enabled๐พ
strEndsWith function, when used with a PostGIS DataStore with encode functions enabled๐พ
strStartsWith function, when used with a PostGIS DataStore with encode functions enabled๐พ
FeatureId filter, when used with any database table having a String primary key column and when prepared statements are disabled๐พ
jsonArrayContains function, when used with a String or JSON field and with a PostGIS or Oracle DataStore (GeoServer 2.22.0+ only)๐พ
DWithin filter, when used with an Oracle DataStore๐CVE-2023-25157 - GeoServer SQL Injection - PoC
Usage:
python3 CVE-2023-25157.py <URL>๐4
๐ฅRCE in GitLab's CLI tool
Attack scenario:
1๏ธโฃAttacker creates a repository. They create a branch named "
2๏ธโฃTo make the attack more convincing, they set this branch as the default branch.
3๏ธโฃVictim clones the repository on their machine.
4๏ธโฃVictim tries to create an MR using
Attack scenario:
1๏ธโฃAttacker creates a repository. They create a branch named "
@|calc".2๏ธโฃTo make the attack more convincing, they set this branch as the default branch.
3๏ธโฃVictim clones the repository on their machine.
4๏ธโฃVictim tries to create an MR using
glab mr create --web
5๏ธโฃThe following command is run: cmd.exe /c "start https://gitlab.com/test-user/test-repo/-/merge_requests/new?merge_request[title]=%s^&merge_request[description]=%s^&merge_request[source_branch]=%s^&merge_request[target_branch]=@|calc^&merge_request[source_project_id]=%d^&merge_request[target_project_id]=%d".
6๏ธโฃThe pipe character allows to break out of the URL context and launch calc.Forwarded from ๐พ.๐ฟ.๐ (๐๐๐๐๐๐๐พ๐๐) ๐ฉ
AAJ INTEHAAN HAI SABKA BADA SHIKAR HAI ISKO SAZA DILWANI HAI ISNE KYA KIYA WO KHUD JAKE TWEET PE DEKHLENA VIDEO HAI
JITNE RETWEETS HO SKE KRWA DO MUMBAI POLICE KO TAG KRK
LINK - RETWEET
JITNE RETWEETS HO SKE KRWA DO MUMBAI POLICE KO TAG KRK
LINK - RETWEET
๐1
If you Need TryHackMe Voucher At a Cheapest Rate in the Market...โ
1 Month Voucher = 1.25$ & 100โน
2 Month Voucher = 3$ & 250โน
3 Month Voucher = 5$ & 415โน
Payment Method๐
BTC๐ธ , USDt๐ธ , UPI ๐
Dm๐ผ @lexlegion๐ผ
Limited 2 & 3 month Vouchers Remains...
Grab Your Oppertunity Fast๐
1 Month Voucher = 1.25$ & 100โน
2 Month Voucher = 3$ & 250โน
3 Month Voucher = 5$ & 415โน
Payment Method
BTC
Dm
Limited 2 & 3 month Vouchers Remains...
Grab Your Oppertunity Fast
Please open Telegram to view this post
VIEW IN TELEGRAM
โคโ๐ฅ2
Join our exclusive General Discussion on OSINT, where knowledge meets innovation! Unleash the power of open-source intelligence and dive into cutting-edge strategies with like-minded enthusiasts. Don't miss this opportunity to expand your horizons and stay ahead of the game. Join us now on Telegram and let's unlock the secrets of the digital world together!
โฑTiming: 9pm IST
๐At: https://t.me/osintambition
๐ต๐ฟโโ๏ธBy: @hacklathon
๐Date: July 8, 2023 ( Saturday)
โฑTiming: 9pm IST
๐At: https://t.me/osintambition
๐ต๐ฟโโ๏ธBy: @hacklathon
๐Date: July 8, 2023 ( Saturday)
Forwarded from ๅฝกแด
แดสแด ๊ฐษชสแดๅฝก
๐DIGITAL OCEAN WINDOWS VPS AVAILABLE๐
๐ONLY 8GB 4CORE VPS
๐ธPRICE :- 300/-RS
โ 20DAYS WARRENTY AND 1MONTH VALIDITYโ
๐ฆVPS SERVER AND ANTIBAN SO YOU CAN DO CRACKING OR OTHER THINGS BUT NO MINNING .
๐คฉIB :- @Darkweb_x1
โ PERFOMENCE AND SPEED BETTER THEN RDPโ
โ๏ธINTERNET SPEED 1GBPS+
๐ONLY 8GB 4CORE VPS
๐ธPRICE :- 300/-RS
โ 20DAYS WARRENTY AND 1MONTH VALIDITYโ
๐ฆVPS SERVER AND ANTIBAN SO YOU CAN DO CRACKING OR OTHER THINGS BUT NO MINNING .
๐คฉIB :- @Darkweb_x1
โ PERFOMENCE AND SPEED BETTER THEN RDPโ
โ๏ธINTERNET SPEED 1GBPS+
๐1
๐ฅKramer Enterprises Leak : https://system32.ink/kramer-enterprises-leak/
๐ฅFHR Electric Data Leak : https://system32.ink/fhr-electric-data-leak/
๐ฅManjaro LPE 0day root LPE Exploit : https://system32.ink/manjaro-lpe-0day-root-lpe-exploit/
๐ฅRhadamanthys Stealer : https://system32.ink/rhadamanthys-stealer/
๐ฅFHR Electric Data Leak : https://system32.ink/fhr-electric-data-leak/
๐ฅManjaro LPE 0day root LPE Exploit : https://system32.ink/manjaro-lpe-0day-root-lpe-exploit/
๐ฅRhadamanthys Stealer : https://system32.ink/rhadamanthys-stealer/
๐1
Forwarded from BlackDragonSec ๐ฎ๐ณ
Some Pedophile Activists claimed to hack Indian satalite database UwU. Here's the very sensitive database Link but public :'(
https://aerospaceweb.org/question/weapons/q0187.shtml
POV: what's this sir..
UwU ๐
Good Job ICF ๐
https://aerospaceweb.org/question/weapons/q0187.shtml
POV: what's this sir..
UwU ๐
Good Job ICF ๐
๐คฃ3๐1
Forwarded from BlackDragonSec ๐ฎ๐ณ
When Pedophiles see something advance chapters for the first time and don't understand anything. Just seeing the rocket, aircraft images on chapters they named it they hacked the "INDIAN SATALITE" ๐๐๐
This is not the first time. They claimed it earlier also but after I showed them the truth they deleted their messages LoL
This is not the first time. They claimed it earlier also but after I showed them the truth they deleted their messages LoL
๐คฃ3
Forwarded from Parth Narula
Anyone want bug hunting and owasp top 10 vulnerabilities tips so visit https://scriptjacker.in/owasp.php
You need to first get signup then login to visit this page. Very awesome content and I bet you that you can't find it at one place on entire internet. It's free.
You need to first get signup then login to visit this page. Very awesome content and I bet you that you can't find it at one place on entire internet. It's free.