d4e68dbb7e
39 changes to exploits/shellcodes/ghdb ProLink PRS1841 PLDT Home fiber - Default Password Nacos 2.0.3 - Access Control vulnerability sudo 1.8.0 to 1.9.12p1 - Privilege Escalation sleuthkit 4.11.1 - Command Injection Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) ManageEngin AMP 4.3.0 - File-path-traversal SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) AmazCart CMS 3.4 - Cross-Site-Scripting (XSS) Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS) Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated ChiKoi v1.0 - SQL Injection ERPGo SaaS 3.9 - CSV Injection GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE) GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS) MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated) Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Prizm Content Connect v10.5.1030.8315 - XXE SLIMSV 9.5.2 - Cross-Site Scripting (XSS) WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) Roxy WI v6.1.0.0 - Improper Authentication Control Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload Solaris 10 libXm - Buffer overflow Local privilege escalation Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path Windows 11 10.0.22000 - Backup service Privilege Escalation Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode (373 bytes)
41 lines
No EOL
1.4 KiB
Text
41 lines
No EOL
1.4 KiB
Text
## Title: Windows 11 10.0.22000 - Backup service Privilege Escalation
|
|
## Author: nu11secur1ty
|
|
## Date: 01.13.2023
|
|
## Vendor: https://www.microsoft.com/
|
|
## Software: https://www.microsoft.com/en-us/software-download/windows11
|
|
## Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-21752
|
|
|
|
## Description:
|
|
Windows 11 Pro build 10.0.22000 Build 22000 suffers from Backup
|
|
service - Privilege Escalation vulnerability.
|
|
An attacker who successfully exploited this vulnerability could gain
|
|
SYSTEM privileges.
|
|
and could delete data that could include data that results in the
|
|
service being unavailable.
|
|
|
|
|
|
## STATUS: HIGH Vulnerability - CRITICAL
|
|
|
|
[+] Exploit:
|
|
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-21752/PoC)
|
|
|
|
## Reference:
|
|
[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21752)
|
|
|
|
## Reproduce:
|
|
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-21752/PoC)
|
|
|
|
## Proof and Exploit:
|
|
[href](https://streamable.com/f2dl3m)
|
|
|
|
|
|
|
|
--
|
|
System Administrator - Infrastructure Engineer
|
|
Penetration Testing Engineer
|
|
Exploit developer at https://packetstormsecurity.com/
|
|
https://cve.mitre.org/index.html https://0day.today/
|
|
https://cxsecurity.com/ and https://www.exploit-db.com/
|
|
home page: https://www.nu11secur1ty.com/
|
|
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
|
|
nu11secur1ty <http://nu11secur1ty.com/> |