
8 changes to exploits/shellcodes/ghdb Roxy Fileman 1.4.5 - Arbitrary File Upload Paradox Security Systems IPR512 - Denial Of Service WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing BrainyCP V1.0 - Remote Code Execution Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE) ever gauzy v0.281.9 - JWT weak HMAC secret
## Title: Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability
## Author: nu11secur1ty
## Date: 04.10.2023
## Vendor: https://developer.microsoft.com/en-us/
## Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
## CVE ID: CVE-2023-24892

## Description:
The Webview2 development platform is vulnerable to spoofing attacks.
The attacker can build a very malicious web app and spread it to the
victim's networks, and when they open it, this can be the last web app
they open.

STATUS: HIGH Vulnerability

[+]Exploit:

[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892/PoC)

## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892)

## Proof and Exploit:
[href](https://streamable.com/uk7l2n)

## Time spent:
03:00:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/, https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
nu11secur1ty <http://nu11secur1ty.com/>