RedTeam Recipes

CVE, CVE-2022-22733

Exploit Writing: CVE-2022-22733 Privilege Escalation & RCE

By Zeyad Azima

Introduction: In the previous blog post, we analyzed CVE-2022-22733 and examined the root cause of the vulnerability and the issue in detail. Now it is time to develop an exploit for this vulnerability and take it further than just escalating our privileges. The Exploit: As we know from the analysis that to explo..

CVE, CVE-2023-24815

CVE-2023-24815: Vert.x-Web Path Traversal Escape

By Zeyad Azima

Introduction: A vulnerability was discovered in Vert.x-Web, known as CVE-2023-24815. A threat actor can exploit this vulnerability to escape the path filter, leading to exfiltration of any class path resource, or path traversal, when running on Windows. CVE Information: CVE-ID: CVE-2023-24815; NVD Published Date: 02/09/2023; NVD Last Modified: 02..

CVE, IoT, CVE-2021-42885

CVE-2021-42885: deviceMac Remote Command Injection

By Zeyad Azima

Introduction: A vulnerability was discovered in the TOTOLINK EX1200T model, known as CVE-2021-42885, which is a remote command injection through the deviceMac parameter. As a result, a malicious user can control the device and achieve remote command execution (RCE). (Note: Everything you obtain here is for educational purposes. Don't use or abuse any b..

CVE, IoT, CVE-2021-42889

CVE-2021-42889: Access Points information leak

By Zeyad Azima

Introduction: A vulnerability was discovered in the TOTOLINK EX1200T model, known as CVE-2021-42889, which leads to exposure of sensitive information such as (wifikey, wifiname) and many more of the AP configurations. As a result, anyone who exploits this vulnerability can get access to the network. Note: (Everything you obtain here is for educational purpo..

CVE, IoT, CVE-2021-42890

CVE-2021-42890: HostTime Remote Command Injection

By Zeyad Azima

Introduction: A vulnerability was discovered in the TOTOLINK EX1200T model, known as CVE-2021-42889, which is a remote command injection through the HostTime parameter. As a result, a malicious user can control the device and achieve remote command execution (RCE). (Note: Everything you obtain here is for educational purposes. Don't use or abuse any bu..
